What I don't understand is this. If would someone go through all that work and not try to make any money? I have Paypal accounts with cash balance, multple bank accounts.
The Malware could have specifically been decided to steal or mess with your crypto related accounts and not other accounts. There is a possibility that your login credentials leaked someone. Authorization emails can as well be deleted to avoid making you suspicious
Have you ever generated an API key from Coinbase Pro account?
Do your Coinbase pro and email accounts have 2-factor authentication?