thats why if you check the first 3 or 4 chars AND ALSO the last 3 or 4 chars, you're good to go. 
i dont think malware can do that.
That's bad advice i dont think malware can do that.
Every native Segwit address has the same 4 characters already ("bc1q"), and the last 4 can quite easily be brute-forced. To be sure, just take 20 seconds and compare the full address.
See How to lose your Bitcoins with CTRL-C CTRL-V.