malware often checks for the existence of non-security software softare.
For example, a credential stealer may search for different web browsers, password managers, or networking software that stores usernames/passwords to loot.
Another example would be malware droppers searching for certain software to determine which version of malware or which plugins to install on the host