That’s been discussed a lot elsewhere in the thread. The parent of my comment specially talks about how any barrier to entry (My add: especially legal/criminal ones) deters most unsophisticated/undedicated attackers from widely distributing malware.