A common method is social engineering. Making people install something that looks harmless on their computer... Either that, or phishing via email.
I recently found out a way and stole 7.5 bitcoin. (I'm no proud of it, I just am a broke mexican).
Most likely fake. Anyways, red trust from someone it DT in 3, 2, 1...