If your device is already compromised, you already lost. Caring about phishing in that case is the last thing you should do..
The idea behind malware like this is that its much more difficult to detect, both by observation and by antivirus software, hostjacking require modifies one OS file, it doesn't need to constantly run in the background, it doesn't need to launch on startup, it can literally edit the hosts file and then delete itself and the damage is already done.