The tl;dr here is that via a fake set of MS Office helper/add-ons, they manage to distribute an app that captures and replaces wallet addresses when a user copies/pastes, causing funds to get sent to the criminal wallet instead of the one the user wants.

Obviously, using MS Office and running Windows isn't a sign of someone worried about security in the first place, but I'd expect folks could also run projects to catch other people as well.