In a man-in-the-middle attack, malware could change the destination address and ask the Ledger Wallet to sign the altered transaction. As the Nano doesn't have a screen, you may wonder how it is possible to verify the address before signing the transaction.
The Nano is paired to a unique security card, which you will need each time you make a payment.
When asked to sign a transaction to a payment address, the chip will select 4 random letters or numbers from the address and send them as a challenge to the wallet software. You will have to enter the corresponding symbol for each (using the security card), and only the correct combination will authorize the chip to sign.
So, if malware changes the payment address, you will visually see that the random sampling does not correspond to the address you know.
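The challenge flow described above, modelled as an added Python sketch (not Ledger's firmware or wallet code). The card table format, the symbol set, the challenge carrying character positions, and both addresses are assumptions constructed for the illustration.

```python
import hmac
import secrets

BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
CARD_SYMBOLS = "0123456789abcdef"  # assumption: symbols printed on the card
# Constructed sample addresses (not real): the one the user knows, and a swapped one.
INTENDED = "1GoodPayee" + "X" * 24
SWAPPED = "1EviLPayee" + "X" * 24

def make_security_card():
    """Constructed card: one secret symbol per possible address character."""
    return {ch: secrets.choice(CARD_SYMBOLS) for ch in BASE58}

class Chip:
    """Toy model of the device; it was paired with the same table as the card."""
    def __init__(self, card):
        self._card = dict(card)
        self._pending = None

    def challenge(self, address, positions=None):
        """Sample 4 characters of the address the chip was actually asked to pay."""
        if positions is None:
            positions = sorted(secrets.SystemRandom().sample(range(len(address)), 4))
        self._pending = "".join(self._card[address[i]] for i in positions)
        return [(i, address[i]) for i in positions]

    def authorize(self, response):
        """Sign only if the response matches the card symbols; one try per challenge."""
        expected, self._pending = self._pending, None
        return expected is not None and hmac.compare_digest(expected, response)

def user_answer(card, known_address, challenge):
    """The user refuses if a sampled character differs from the address they know."""
    if any(known_address[i] != ch for i, ch in challenge):
        return None
    return "".join(card[ch] for _, ch in challenge)

def pay(card, known_address, address_sent_to_chip, positions=None):
    """Returns 'signed', 'refused by user' or 'rejected by chip'."""
    chip = Chip(card)
    challenge = chip.challenge(address_sent_to_chip, positions)
    answer = user_answer(card, known_address, challenge)
    if answer is None:
        return "refused by user"
    return "signed" if chip.authorize(answer) else "rejected by chip"

if __name__ == "__main__":
    card = make_security_card()
    print(pay(card, INTENDED, INTENDED))                 # untouched address
    print(pay(card, INTENDED, SWAPPED, [1, 2, 3, 4]))    # address swapped on the host
```

The host never learns the card table, so software on the computer cannot answer a challenge for an address the user did not approve.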
Please watch this video for a more visual explanation of the process:
You can also pair a smartphone to your Nano and use it to verify all outgoing transactions. It is a much smoother process (you will do the security card pairing only once), and it is compatible with Android and iOS.