Indeed, FOR, and the concern is the 'ease' with which these are 'arriving' and the unknown threats which may be buried in their code.

It would be illuminating, I feel, to see how many 'protected' users there are who have these PUPs - a full MBAM or similar scan is required.