>> Attacks like this are not helped by the increasingly-common "curl | bash" installation instructions ...

> It's not really any different than downloading a binary from a website, which we've been doing for 30 years.

The two are very different, even though some ecosystems (such as PHP) have used the "curl | bash" idiom for about the same amount of time. Specifically, binary downloads from reputable sites have separately published hashes (MD5, SHA, etc.) to confirm what is being retrieved along with other mechanisms to certify the source of the binaries.

On Mac binaries need to be signed and notarized and Apple could stop the spread of the malware once it's identified or even detect it before notarizing it.

Which is why package managers with well-maintained repositories are the civilized solution to software disruption. Unfortunately the Linux world has been dedicating a lot of energy to making Windows-style "download and run the exe" possible on Linux.