recently there have been a lot of discussion about this specific kind of malware (clipboard hijacker) which is basically looking at memory (clipboard) and changes any bitcoin address that enters it to the hacker's address.
it looks to me that using
BIP21 (Bitcoin URI Scheme) solves this issue very easily as nothing enters clipboard anymore, it just tells the pre-defined default application what to do (eg.
http://foobar.com tells the default browser to go to foobar.com using http protocol).
The URI scheme is really not a solution here and is only a method for those who are generally transacting using direct links and scanning QR code as automatically the addresses are inputted in address field. This isn't really a solution for the clipboard/copy-paste virus and still for people still preferring to copy and paste their crypto addresses they are still technically vulnerable to viruses like this that can alter your addresses.
my question is whether there is any way a malware could also intercept this process and change the address?
Just my two cents on this one, anything in the coding world can be hack and there is no definite and secure solution that will last a life time. That's why we always see news about newer versions of Electrum being launch instantly because older versions like the 3.3.3 and 3.3.4 are now susceptible to hacks and phishing attacks, that's why are Windows operating system are getting Windows Security updates, these are just examples of how are hackers are always discovering vulnerabilities and how the services will react to it. Nothing is safe just by relying on the service/program itself you as a user should always take extra precautionary measures using your computer.