It would never work because of adoption and whatnot, but using a crypto system like ENS and requiring users to go through a special browser might make that a bit more in-universe. Or maybe a toggle in the browser to turn on ENS and disable DNS.
The point being - you should know when you want to access certain services so you switch on this mode, not allowing normal DNS name jacking or the like.
I imagine a launcher which hashes the binary before you run it and compares the hash to some kind of registry. Then it can tell you that 5 people you explicitly trust have encountered this hash, and 768 people that they trust have, and 5789 people that they trust...
If you're the first person to encounter the hash, or if the number of hops is very high before you encounter something besides 0 (eventually heading into Sybil territory) then you have cause for extra scrutiny.
Bonus points if the people who developed the app are participating, but still useful if they're not.
I'm not sure what Bitcoiners' preference would be exactly, but I'm sure they've got something involving signed wallet hashes published on the chain.
The hard part, as with anywhere else, is getting users to check it.
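The launcher idea described in the thread above, sketched as an added example that is not part of any comment or of any existing project: hash the binary, then count registry sightings at each trust distance. The registry shape (`TRUST`, `SEEN`), the function names and the `far_hop` threshold are assumptions made for illustration.

```python
import hashlib

# Constructed sample data: who each person explicitly trusts, and which
# hashes each person has reported to the (hypothetical) registry.
GOOD = hashlib.sha256(b"constructed sample binary").hexdigest()
TRUST = {"me": ["ann", "bob"], "ann": ["cy", "bob"], "bob": ["dee"], "dee": ["eve"]}
SEEN = {"ann": {GOOD}, "cy": {GOOD}, "dee": {GOOD}, "eve": {"f" * 64}}

def sha256_file(path, chunk=1 << 16):
    """Hash the binary in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def sightings_by_hop(me, trust, seen, digest, max_hops=3):
    """Count reporters of digest at each trust distance (index 0 = hop 1).
    Breadth-first, so each identity counts once, at its shortest distance."""
    counts, visited, frontier = [0] * max_hops, {me}, [me]
    for hop in range(max_hops):
        nxt = []
        for person in frontier:
            for peer in trust.get(person, ()):
                if peer in visited:
                    continue
                visited.add(peer)
                nxt.append(peer)
                counts[hop] += digest in seen.get(peer, ())
        frontier = nxt
    return counts

def verdict(counts, far_hop=3):
    """Apply the two warning cases: never seen, or seen only far away."""
    first = next((i + 1 for i, c in enumerate(counts) if c), None)
    if first is None:
        return "unseen"
    return "distant-only" if first >= far_hop else "seen-nearby"
```

Capping `max_hops` matters here: beyond a few hops the counts are dominated by identities nobody near you vouches for, which is where Sybil accounts are cheapest to add.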