Those bugs are getting smarter.
They are. Wherever there is a niche that can exploited for gain you'll find entrepreneurs popping up to do just that.
The fallout of infostealers is often much worse than spam from stolen email account credentials. Be absolutely certain you've removed / cleaned / wiped the malware and then change your bank account credentials too.
Bad guys are pretty smart about monetizing stolen creds so don't forget to change pretty much anything attached to a credit card or bank account. For example iTunes, Amazon, Google Play, PayPal, etc. Also change the password to the email account each one of these accounts is tied to or they'll be able to bypass your new password with the password reset process which makes use of your email.