The idea is lovely Andylusion, unfortunately it doesn't really work like that. Best way to explain... essentially malware has to be compiled... it has to be "executable" (the .exe of applications) and it must be "run" to do anything vs whats being stolen is documents and emails which are essentially text - they themselves are not "ran" or "executed" but rather the program to read them is (word, notepad, etc.)
That said, there is a chance of such things with Word these days because Word is script capable, however that presumes they're using word, acrobat, etc. rather than some safer pure text based program to view their stolen data. - See also
The Rise of Document based Malware - Data Threat Detection and Prevention | Sophos Security Topics - Virus, Malware, Web, Antivirus and Social Media Security Trends
Personally, I'm old school as shit, I've been using a program called EditPro since oh 1990 I suppose lol It's pure text based simplicity with keyword highlighting:
That's some pro-bono work I'd done for Veteran's Party of Alaska (their political platform, thought it was appropriate for the board heh)
As an added FYI for ya'll, the items I've circled in red on there are the scant body of evidence that our gov is linking the coding of the malware to Russian's with. Those are customize-able "identifiers" that the coder can name themselves, ( aka class="mainlink" and id="vpofa" and maybe src="menudeco.gif" ) - that is what our government based their supposed claim that they "traced the malware to keyboards" bullshit on - those bits being in Russian (the language of 180million - it's ******* laughable.)
Anyway, the text in there that is written in red, blue, and green are the keywords of the programming language (In this case, HTML and CSS - the code for simple webpage's) Those keywords don't come in foreign languages, they are always English. That holds true for all programming languages; generally because American's wrote the compilers (the program that turns the code into an executable; which is the kind of 1s and 0s language the computer reads - be that DOS, which is the layer beneath Windows, Windows itself, the web browser itself, the document readers itself, etc. all of the "applications" [as they call them these days] are coded in English.)
EDIT: For clarification, the text in the screenshot that's in black is the text that would display on the screen/webpage for the visitor to the website. The code for malware wouldn't include any of that because obviously it's intention is to remain unnoticed and gather data in the background, not blare out text messages to the infected user heh Too be fair, there's one other as well "comments" for HTML it looks like this <!-- "comment" --> and is basically used to let others know what the next part of the code does. That could also be in a foreign language, but frankly any hacker that comments their malware is a kiddy scripter or "white hacker" trying to help out others to understand what their program does, not a professional "cracker" or "black hacker" who would be engaged in espionage, where the goal is to hide what the code/malware actually does.
Essentially, if I were to write class="Главнаяссылка" instead of class="mainlink" our stupid government would allege that I'm Russian, and working for the Kremlin - aka they're dumbasses.
