The script loads selectively based on the UserID. and it replaces the withdrawal address for the hacker's wallet upon withdrawal. If you don't have 2FA enabled, FBC prompts you with an email to confirm withdrawal to the fraudulent address. For those with 2FA enabled, they've already lost their money, as their account don't require email confirmation. This is a really clever hack, as the user may get scared into better securing their account with 2FA, falling into the trap and losing their money in the end.