But usually, as I have heard, the clone wallet or phishing wallet like installing a fake version of the electrum didn't have any malware infection in your device, but the problem is the revise the code.
The hackers are probably not interested in attaching easy to detect malware with their fake Electrum wallets. The majority of users have some sort of anti-virus software installed. As the time passes, the fake wallets would be recognized as malware and that is not something they want. They want a similar code to the original Electrum, with one difference: Your coins get sent to an address controlled by them.