Particularly anything that looks like wallet crackers is frequently full of malware-- as I assume people feel less worry of arrest and less moral concern with robbing other (wanna-be) thieves.
From my experience on bitcointalk ... It's often hard to prove it's malware, as a popular technique is to make the software phone home for some quasi legitimate looking purpose and then have an RCE vulnerability in the phone home interface.
It may even be the same guy that keeps making new trojans that work this way over and over again.
