Users don't deliberately install malware, though. They do install Python runtimes; you can secure this the exact same way desktops have done for decades, by signing executable.
Users don't deliberately install malware that's called "Install This To Give All Your Money To Scammers."
They deliberately install an app that's called "Funny Videos Daily Ha Ha!", that also has a rootkit or whatever that gives all their money to scammers.
They deliberately install an app that's called "Funny Videos Daily Ha Ha!", that also has a rootkit or whatever that gives all their money to scammers.