Trezor is open source and running only the signed firmware. This attack is not feasible in such circumstances, because everybody would see the "malicious tx-signing code" on github.
Also, RFC6979 is the answer to this problem that Trezor implements. With it, there is not a choice of k, thus the attack is not possible.
With a piece of software writing skills, you can initialize Trezor, use it to sign a couple of transactions, then import master private key into bip32.org, generate all private keys and verify that RFC6979 was used. This can be used with real or fake inputs in "blackbox testing" OR it can be used after some coins go missing to prove the maliciousness of the firmware...
Trezor is well designed and certainly better than using a PC, even an off-line PC with air gap. But it is not 100% safe. I already explained how a criminal can get around its safety features, by using social engineering or fake malicious hardware. The fact that people keep denying those risks only makes those risks more significant.
JorgeStolfi: I was talking about a situation when you have
TREZOR. Then this attack simply does not apply. I never said in my post that having a money in a fake bank is as safe as having them in a real bank. Please explain to me, how I'm denying this fact in my post.
However, I did say, that this is both blackbox testable
before you start using the device and that maliciousness is
backward provable after the device has been malicious. So the users who will be affected with this kind of attack have some tools to fight back.