The Attack Vector
As for how this can be exploited, do remember that the IP address doesn't have to be localhost, the attack vector in this is that a malicious attacker can map a different site (lets say, binance.com) and redirect it to their own server's IP, which would contain a phishing page that imitates Binance.
[...]
Why make things simple when you can make them complicated..
If your device already is compromised, there is no reason to additionally set up a phishing site.
You could just steal all credentials when they are being typed in.
I wouldn't afraid of this kind of phishing. If he already compromised your system, he already has access to all of the data stored on your PC and to everything you type in (i.e. login information / 2FA codes).
If your device is already compromised, you already lost. Caring about phishing in that case is the last thing you should do..