RE: Antivirus Software: A Veiled Instrument for Suppressing Piracy and Freedom of Speech

in #matrix, 2 hours ago

I think that people put too much trust in the sudo prompt in the terminal. Scripts could easily produce a fake prompt with the intent to grab the password, or they could just modify the path variable and add a malicious replica in the user's local bin directory. GUIs are generally not any better, as they can just draw a shade layer on top of the other windows and drop a centered password prompt on the midpoint.

It is true that this design prevents the execution of admin-level operations by default, but you could just as well switch accounts when you need the elevated access. There is also so much to steal and try in the user's context that many attackers would be content with that alone if they want to pull off a ransom attack or identity fraud.
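
Added example, not part of the original comment: a defensive check for the PATH-shadowing risk the comment describes. It walks a PATH string in lookup order and reports relative entries and user-writable directories that are searched before the named command resolves. The function names and finding labels are hypothetical, and only owner and world write bits are evaluated (no group membership, no ACLs).

```sh
#!/bin/sh
# Added example; function names and finding labels are hypothetical.
# Usage: path_shadow_audit sudo "$PATH"

# dir_writable_by UID DIR: true if DIR's mode bits let UID create files in it.
# Only owner and world write bits are checked (no group membership, no ACLs).
dir_writable_by() {
    info=$(ls -ldnL -- "$2" 2>/dev/null) || return 1
    IFS=' ' read -r mode links owner rest <<EOF
$info
EOF
    case $mode in ????????w*) return 0 ;; esac      # world-writable
    case $mode in
        ??w*) if [ "$owner" = "$1" ]; then return 0; fi ;;  # owned and writable
    esac
    return 1
}

# path_shadow_audit CMD PATH_STRING [UID]
# Walks PATH_STRING in lookup order until CMD resolves. Prints one finding per
# line and returns 1 if any entry searched before (or at) that point is risky.
path_shadow_audit() {
    cmd=$1; uid=${3:-$(id -u)}; found=0
    p="$2:"                      # extra ':' so a trailing empty entry survives
    old_ifs=$IFS; IFS=:; set -f
    set -- $p                    # split on ':' without globbing
    set +f; IFS=$old_ifs
    for dir in "$@"; do
        case $dir in
            /*) ;;
            *)  # empty or relative entries resolve against the current directory
                echo "RELATIVE_ENTRY ${dir:-<empty>}"; found=1; continue ;;
        esac
        if dir_writable_by "$uid" "$dir"; then
            echo "WRITABLE_BEFORE_RESOLUTION $dir"; found=1
        fi
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            echo "RESOLVES_TO $dir/$cmd"
            break
        fi
    done
    return "$found"
}
```

A non-zero return means a directory the account can write to sits ahead of the real binary in lookup order; invoking the command by absolute path sidesteps the lookup entirely.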