If I have my malware on your computer, I'm just going to use it to steal your cookie (any other sensitive information) directly rather than perform some convoluted roundabout XSS. :P
If you wanted to access a company's server, this actually sounds like a reasonable attack vector. Get malware on someone's computer and use it to perform SQL injections. It depends on what information the attacker is after.