I wrote this interesting little demo of a type of malware that has stolen from users out in the wild. This type of malware works by detecting Bitcoin addresses in the copy-paste buffer and replacing the address with the thief's. So when the user pastes the address, the funds are sent to the attacker instead of the intended recipient.
Source: https://github.com/chaintuts/addrjack
Demo video: 
