Custom malware disguaised as benign software was used to steal wallet addresses of cryptocurrenct holders for months.