Stay aware, stay secure, and think twice before clicking that DMG link in an unfamiliar index.
Mount the DMG (command-line or double-click), then in Terminal: codesign -dv /Volumes/VolumeName/AppName.app If you see signature=adhoc or code object is not signed at all , it is not from Apple or a verified developer. Proceed with extreme caution. index of dmg
Have you ever found a legitimate use for an open directory? Or did you learn this lesson the hard way? Let me know in the comments below. Stay aware, stay secure, and think twice before