~
I know, but I use it offline, so I don't need to send transactions from it, I just sign transactions.
i can think of at least 5 different ways that a malicious wallet can steal your funds without even needing any internet connection. it goes from simplest way of changing your payto field to advanced cryptographic ways of revealing your private key to the hacker without you even noticing since the transaction wouldn't look any different.
I'm thinking, maybe there's some way to get a hash of the installed Electrum, than match it with a hash of another installed Electrum that I verified beforehand? Or is it all just not worth it, and I should just download and verify Electrum, save it on a USB stick and use it with my cold storage?
downloading, verifying and installing that is always the safest option. anything else is a workaround and is not as safe since you may miss many things.
as for hashes there are about 400-500 files in the tarball that you install on Linux and you'll have to calculate hash of each file and check it against the real files!