malware or threat actors may install additional software using the system’s package manager or official install media on compromised systems to make their lives easier.
For example, if a threat actor wants to install a rootkit on a Linux host, they may add C compilers and kernel headers to compile a custom module for the host.