Isn't it enough to check just the fist 4-5 and last 4-5 characters?
It's probably enough, but I prefer a higher degree of certainty than just "probably".
I had that malware on my laptop once and the first three checked out.
Some sites allow you to only seep first part of the address before you copy it. The rest is covered by the "copy" button. Coinbase does it like that as well as many mobile wallets.
I've noticed that it that first 3 and last 3 never match. The malware or at least the one that I had focuses on matching the first 2 or 3 characters and that's it.
It's unable to match both first and last characters so it tries to math as many first characters as it can hoping the victim will not notice.