: High-profile reports from security firms like SentinelOne , Objective-See , and Jamf often cite this exact string when documenting macOS-specific adware or trojans (such as Shlayer or Bundlore ). These papers detail how scripts use curl or wget to "download remote pkg installer" files to bypass standard gatekeeper protections.
: Patrick Wardle’s annual research papers often break down these installation methods. You can find detailed technical breakdowns of these remote installers on Objective-See's research blog . Download remote pkg installer pkg
While there isn't a single "famous" paper with this exact title, this specific behavior is a central theme in several notable security research publications: : High-profile reports from security firms like SentinelOne
: Research on Software Supply Chain Attacks often uses "remote pkg installers" as a primary case study for how legitimate package management tools can be subverted to execute remote code. You can find detailed technical breakdowns of these