Apps and installers on macOS are also signed but there’s always a way to go around it. Simplest method is for the malware author to resign it, since effectively no one will verify the signature is from the correct source. But even then you can always convince people to disable System Integrity Protection to install crap. Despite it being a convoluted process, never underestimate what someone who is not tech savvy but is desperate can do. They will install anything and jump through any hoop the malware author walks them through with nice screenshots.

I doubt there’s no way to trick people the same way on Windows. Perhaps I’m wrong, and if I am I’d welcome learning how that system works.