Of course this is just a concept to show how easy it is to find a "collision" when the checksum is very small. In practice the attacker needs the key to the malicious address which means they have to perform a process similar to generating a "vanity address", an address that has the same starting characters.
The extra 16 bit checksum is definitely adding an extra layer for authenticity check but but it doesn't slow down that process enough to be impactful.
P.S. Maybe the checksum algorithm could be changed into something far more expensive to make brute forcing harder. For example using a memory expensive KDF like scrypt with high iteration count.
I really appreciate your FEEDBACK, as I told earlier it is just a concept, exactly since you say it's easy to brute force, I'll dive into studying KDF, and thanks for your point.