@Pmalek, I don't think there is any difference between clipboard malware for HW or desktop/mobile wallets - the principle of operation is identical, malware will try to replace the original address with a fake one controlled by a hacker. The difference is that those who use HW have insurance that stems from the fact that they have to confirm the transaction at the touch of a button - while in desktop wallets most do not use the preview button before clicking the send button.
Clipboard malware, which is a bit more sophisticated, tries to make a difference by changing the original address to something similar, so that for those who even check an address, everything may seem fine.
An interesting article on how this malware works ->
Clipboard Hijacker Malware Monitors 2.3 Million Bitcoin Addresses 
