It uses ACLs and access groups. So a malicious app should not be able to access keychain items for other apps. Sure, it might be possible to get the key out of process memory, but that raises the bar significantly for an attacker. Most infostealer malware is pretty basic, and just looks for files A, B, C, etc.
https://developer.apple.com/documentation/security/keychain_...
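
An added example, not part of the comment above: a minimal Swift sketch of keeping a secret in the keychain under an access group instead of in a file on disk, using Apple's Security framework. The service, account and access group names are hypothetical, and the code assumes a signed app whose `keychain-access-groups` entitlement lists that group.

```swift
import Foundation
import Security

// Hypothetical identifiers for illustration; the access group must match an
// entry in the app's keychain-access-groups entitlement.
let service = "com.example.app.db-key"
let account = "default"
let accessGroup = "TEAMID.com.example.shared"

enum KeychainError: Error { case status(OSStatus) }

// Attributes that identify the item. Every call names the access group, so
// the lookup is scoped to apps entitled to that group.
func baseQuery() -> [String: Any] {
    [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecAttrAccessGroup as String: accessGroup,
        // On macOS, opt in to the data protection keychain, where access groups apply.
        kSecUseDataProtectionKeychain as String: true,
    ]
}

// Store (or overwrite) the secret. Nothing is written to a plain file.
func storeKey(_ key: Data) throws {
    var attrs = baseQuery()
    attrs[kSecValueData as String] = key
    // Readable only while the device is unlocked; never migrates to another device.
    attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    var status = SecItemAdd(attrs as CFDictionary, nil)
    if status == errSecDuplicateItem {
        status = SecItemUpdate(baseQuery() as CFDictionary,
                               [kSecValueData as String: key] as CFDictionary)
    }
    guard status == errSecSuccess else { throw KeychainError.status(status) }
}

// Read the secret back; returns nil when no item exists yet.
func loadKey() throws -> Data? {
    var query = baseQuery()
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess else { throw KeychainError.status(status) }
    return item as? Data
}
```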