Solution: Don’t run executable code from unknown sources.
The .exe might be perfectly fine, from a known source. Yet a malicious payload might be hiding in a .dll.
A freshly downloaded .dll from a compromised update (supply chain attack).
According to your logic, these 29,000 users did nothing wrong:
As many as 29,000 users of the Passwordstate password manager downloaded a malicious update that extracted data from the app and sent it to an attacker-controlled server. Bad actors compromised its upgrade mechanism and used it to install a malicious file on user computers.
They trusted the software and its update mechanism.
are the real threat these days; for example, these software updates are the real-time code injection examples. If we are talking about hacking, this would be the No. 1 cause, and I would place backdoors and zero-day vulnerabilities in the same category of code injection.