thats why if you check the first 3 or 4 chars AND ALSO the last 3 or 4 chars, you're good to go. 
i dont think malware can do that.
That's bad advice i dont think malware can do that.
Every native Segwit address has the same 4 characters ("bc1q") already, and the last 4 can quite easily be brute-forced. To be sure, just take 20 seconds and compare the full address.
See How to lose your Bitcoins with CTRL-C CTRL-V.
obviously i was referring to legacy addresses. ymmv with segwit.