: High-profile reports from security firms like SentinelOne , Objective-See , and Jamf often cite this exact string when documenting macOS-specific adware or trojans (such as Shlayer or Bundlore ). These papers detail how scripts use curl or wget to "download remote pkg installer" files to bypass standard gatekeeper protections.
: Patrick Wardle’s annual research papers often break down these installation methods. You can find detailed technical breakdowns of these remote installers on Objective-See's research blog . Download remote pkg installer pkg
While there isn't a single "famous" paper with this exact title, this specific behavior is a central theme in several notable security research publications: : High-profile reports from security firms like SentinelOne
If you are looking for a specific paper, could you clarify if you are researching a (like Shlayer) or looking for a technical tutorial on remote deployment? You can find detailed technical breakdowns of these
: Research on Software Supply Chain Attacks often uses "remote pkg installers" as a primary case study for how legitimate package management tools can be subverted to execute remote code.