Malicious: unlikely. As said earlier, malicious activity cannot be noticed in trivial ways. See:
Malware, Computer Viruses, Firmware Trojans and Antivirus Scanners
If you don’t believe that, look videos about Trojan horses etc. Malware is also “just another” commercial product or even open source. Therefore their usage, capabilities etc. are described like in advertising material for other products.
At no point the victim of a torjan horse will trivially notice it. There is zero reason for already memory resident malware to mess with fonts or to open links. Malware which allows to remotely control a victim machine is similar to an SSH / VNC session - just that the victim cannot easily know that an SSH / VNC session is running. Similar as for SSH there is no reason to mess with fonts, there is no reason to mess with fonts by malware.
Except. The attacker wants the victim to notice something. Zersetzung