My friend has recognized that he is at fault, it was on his end. He is going to send me another $1,000 USD in btc, this time, we will check things carefully.
This isnt some little blunder; its a security fuck-up that should be taken seriously. If he just tries to resend BTC again without solving the underlying issue he risks another $1,000. A simple check isnt enough. The malware can work in the background and switch the address once more without him noticing. Also, I suggest that next time he goes with smaller amounts first!