The PoC explained

By using the browser’s fullscreen API, some javascript to detect the browser, and a couple of images, we can (almost/fully) fool you into thinking you’re on the correct domain. Above is a PoC.

Although at first glance it may seem you leave the 127.0.0.1:5500 server, you never do. Let’s break it down.

The first view we see

The first view is just for demonstration purposes — a simple view with a legitimate link to MyCrypto. However, imagine this is used in the wild and it’s some sort of malicious crypto news site: someone’s blog explaining how to get started with MyCrypto, a malicious airdrop site promising free tokens, or whatever — anything to convince the user to click a valid <a href="https://mycrypto.com">MyCrypto.com</a> link.

The second view we see

Once the linked is clicked the browser is forced into fullscreen mode with some images displayed that appear to be the frame of the user’s browser. We’re using some simple javascript to detect which browser the user is running and show the correct browser frame images accordingly.

The third view we see

Now let’s pretend MyCrypto didn’t deprecate private keys on the web or you were using a product that asked for your private key. This is where the attacker would ask for your keys and record them as you type them in (shown below).

The fourth view we see

This part wouldn’t be verbose like the PoC, but this demonstrates that you never left the 127.0.0.1:5500 server and the browser was manipulated into looking like you were on MyCrypto.com.

Unless you are extra, extra vigilant, your private keys would have already been stolen at this point and funds wiped out.