: Research on Software Supply Chain Attacks often uses "remote pkg installers" as a primary case study for how legitimate package management tools can be subverted to execute remote code.
While there isn't a single "famous" paper with this exact title, this specific behavior is a central theme in several notable security research publications: Download remote pkg installer pkg
If you are looking for a specific paper, could you clarify if you are researching a (like Shlayer) or looking for a technical tutorial on remote deployment? : Research on Software Supply Chain Attacks often
The phrase "Download remote pkg installer pkg" is frequently associated with and security research papers focused on macOS threats . It typically refers to a specific command-line activity or a characteristic of "dropper" malware that fetches a secondary payload (a .pkg file) from a remote server to install on a target system. It typically refers to a specific command-line activity
: Patrick Wardle’s annual research papers often break down these installation methods. You can find detailed technical breakdowns of these remote installers on Objective-See's research blog .
: High-profile reports from security firms like SentinelOne , Objective-See , and Jamf often cite this exact string when documenting macOS-specific adware or trojans (such as Shlayer or Bundlore ). These papers detail how scripts use curl or wget to "download remote pkg installer" files to bypass standard gatekeeper protections.