You are assuming it was malware on the machine that compromised the account, which isn't always the case.
Lately, attackers have been compromising account databases at websites and using them to attack other sites like banks, since many people reuse their passwords.