File copiers require low-level system permissions to intercept Windows’ copy commands. A malicious actor embedding code into a "preactivated TeraCopy" can easily deploy: