The Web should be for content, not code
This also applies to e-mail links; if we could transition away from executable code being downloadable by web browsers, this vector would go away. Applies to scripts as well.
We'd need effective non-browser native apps for software retrieval and installation; they could deal with code signing and attribution issues. Most platforms already have such apps, like app stores, or CLI tools like port, apt, brew, etc. As long as the OS/hardware maker doesn't get a monopoly on the app store or whatever software delivery mechanism, like Apple has (for example), this would be an improvement.
At a minimum, browser makers should be picking up on these malware techniques and blocking dodgy redirects and mismatches between reported and detected MIME types on downloads.
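
The reported-versus-detected MIME type check mentioned above, as an added example that is not part of the original comment: it compares a download's declared Content-Type with the file's leading bytes. The signature table is a small illustrative subset, and the function names, verdict strings and sample responses are assumptions constructed for this sketch.

```python
# Added example. Each entry: (leading bytes, label, is_executable,
# Content-Type values treated as an honest declaration for that format).
SIGNATURES = [
    (b"MZ", "PE executable", True,
     {"application/vnd.microsoft.portable-executable", "application/x-msdownload"}),
    (b"\x7fELF", "ELF executable", True,
     {"application/x-elf", "application/x-executable"}),
    (b"#!", "script with shebang", True,
     {"application/x-sh", "text/x-shellscript"}),
    (b"%PDF-", "PDF", False, {"application/pdf"}),
    (b"\x89PNG\r\n\x1a\n", "PNG", False, {"image/png"}),
    (b"\xff\xd8\xff", "JPEG", False, {"image/jpeg"}),
]
GENERIC = {"", "application/octet-stream"}  # declarations that assert nothing

def sniff(body: bytes):
    """Return (label, is_executable, accepted_types) for known leading bytes."""
    for magic, label, is_exec, accepted in SIGNATURES:
        if body.startswith(magic):
            return label, is_exec, accepted
    return None

def check_download(content_type: str, body: bytes) -> str:
    """Compare the declared Content-Type with what the bytes look like."""
    declared = content_type.split(";", 1)[0].strip().lower()  # drop parameters
    hit = sniff(body)
    if hit is None:
        return "unknown"  # no signature matched; nothing to compare against
    _label, is_exec, accepted = hit
    if declared in accepted:
        return "match"
    if declared in GENERIC:
        return "executable-unlabelled" if is_exec else "unlabelled"
    # A specific type was declared and the bytes say something else.
    return "executable-mislabelled" if is_exec else "mismatch"

# Constructed sample responses: (declared Content-Type, first bytes of body).
SAMPLES = [
    ("image/jpeg", b"MZ\x90\x00\x03\x00"),
    ("application/pdf; charset=binary", b"%PDF-1.7\n"),
    ("application/octet-stream", b"\x7fELF\x02\x01\x01"),
    ("image/png", b"\xff\xd8\xff\xe0"),
    ("text/plain", b"hello world"),
]

if __name__ == "__main__":
    for ctype, body in SAMPLES:
        print(f"{ctype!r:40} -> {check_download(ctype, body)}")
```

Short signatures such as the two-byte "MZ" can match ordinary text by coincidence, so a real check would confirm further header fields before blocking.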