If you do get any malware on your desktop, your private keys could get compromised, desktop wallets or not.
This statement itself is wrong.
If you have malware on your desktop PC, only those private keys which are stored on this pc will get compromised (considering they aren't secured in any other way, e.g. encryption).
I don't find it particularly reasonable to say that a paper wallet is more secure as a desktop wallet when it isn't generated securely most of the time, regardless of how big of a risk it is.
It's not wrong to say that paper wallets are secure. But the thing is, most people generate it and spend it online which makes it much less secure that it seems.
Paper wallets are safer than desktop wallets by definition.
Desktop wallet: Your private keys are on your PC the whole time.
Paper wallets: Your private keys shouldn't ever be on an PC which is connected to the internet.
Even if you create it on an online-pc, those private keys are still only stored there for a short amount of time.
Infections AFTER creating a paper wallet would not compromise those private keys. Where infections after you created a desktop wallets will lead to compromised private keys.
The statements that most people create their paper wallets online / on an online machine is not reasonable for me.
People who are taking the step to find out how to create paper wallets and how to use them properly won't create them on an unsecured PC.
Most of them are using a linux distro from which they boot to create the paper wallet without an internet connection.
In cases where paper wallets are generated on an online pc its the users fault for getting compromised.
Where with desktop wallets its (mostly) not the users fault since the only way you can assure your wallets doesnt get compromised is to not get infected with malware.
And this can't be guaranteed to never happen.