Re: Is there any malware that captures your recovery seed when shown or typed?
Board: Development & Technical Discussion
by suzanne5223 on 19/02/2024, 13:27:45 UTC
Merited by Forsyth Jones (1)

Commonly, when creating a wallet, we are shown the mnemonic code that can basically rebuild your wallet from scratch when imported into another wallet.

The problem is that whoever has access to these initial words will definitely have access to your entire wallet balance belonging to this recovery seed.

Imagine there is a Trojan on your desktop or cell phone that has been programmed to detect recovery seeds, WIF private keys, extended private keys or any sensitive data that allows partial or full access to your funds in a deterministic wallet.

How can we be sure that these things are not monitoring your clipboard, your keyboard when you type totally random words that follow a pattern like 12 to 24 words? Or a screenlogger that takes a screenshot when it detects a seed on the screen and instantly sends it straight to the attacker's server? We know that it is possible to develop this.

The keylogging malware and overlay attacks (which will create a fake screen for attackers to get the victim's private wallet information) that can execute all the forms of attack you listed are already developed. Another one is the InnfiRAT malware, which was detected years ago, but what I believe is that we need to be careful about the environment in which we use the computer for our crypto activities and the websites we visit, use a paid, reputable antivirus, never share our computer or the device we use, and use an air-gapped computer for our wallet.