At most, a fake or malicious software wallet can push a malicious transaction to the hardware wallet. That transaction will only be signed and broadcast if the user presses the physical buttons on the Ledger device required to accept it. If the user rejects the transaction, then it cannot be signed and cannot be broadcast.
I agree. This is, as far as I understand, exactly the case in this recent exploit:
This path restriction was not enforced for the Bitcoin app and most of its derivatives, allowing a Bitcoin derivative (e.g. Litecoin) to derive public keys or sign Bitcoin transactions.
https://donjon.ledger.com/lsb/014/

As the user is already spending some altcoin, it is easy to be fooled and click the button for a bitcoin transaction while using a fake MEW.
I will pay much more attention now when spending altcoins (I don't have much anyway).
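The path restriction the quoted advisory talks about can be illustrated with a small allow-list check on the derivation path's coin_type level. This is an added example written for illustration, not code from this thread or from Ledger's apps; it assumes BIP44-style layouts (purposes 44/49/84/86) and SLIP-0044 coin type numbers (Bitcoin = 0, Testnet = 1, Litecoin = 2), and the per-app allow-lists are constructed here.

```python
# Added example (not from the thread or from Ledger's own code): a defensive
# check of the kind the quoted advisory describes. It parses a BIP32 path and
# refuses any request whose coin_type level (the second component under a
# BIP44-style purpose) is not on the allow-list registered for the running app.
import re
from typing import List

HARDENED = 0x80000000

# Assumed allow-lists per app (constructed for this example, SLIP-0044 numbers).
APP_ALLOWED_COIN_TYPES = {
    "Bitcoin": {0, 1},   # mainnet and testnet
    "Litecoin": {2},
}

PURPOSES_WITH_COIN_TYPE = {44, 49, 84, 86}  # BIP44/49/84/86 layouts


def parse_path(path: str) -> List[int]:
    """Turn "m/44'/0'/0'/0/3" into child indices with the hardened bit set."""
    if not re.fullmatch(r"m(/\d+'?)*", path):
        raise ValueError(f"malformed derivation path: {path!r}")
    out = []
    for comp in path.split("/")[1:]:
        hardened = comp.endswith("'")
        idx = int(comp.rstrip("'"))
        if idx >= HARDENED:
            raise ValueError(f"index out of range: {comp}")
        out.append(idx | HARDENED if hardened else idx)
    return out


def path_allowed(app: str, path: str) -> bool:
    """True only if the path carries a hardened coin_type the app is allowed to use."""
    indices = parse_path(path)
    if len(indices) < 2:
        return False  # too short to carry a coin_type: reject rather than guess
    purpose, coin_type = indices[0], indices[1]
    if purpose & HARDENED == 0 or (purpose & ~HARDENED) not in PURPOSES_WITH_COIN_TYPE:
        return False
    if coin_type & HARDENED == 0:
        return False  # coin_type must be hardened in BIP44-style layouts
    return (coin_type & ~HARDENED) in APP_ALLOWED_COIN_TYPES.get(app, set())
```

With such a check in place, a Litecoin app asked for `m/44'/0'/...` rejects the request before any key is derived or any transaction is shown to the user.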