It’s an illustrative example of the economic incentive for attackers, instead of using the malware as a vehicle for ransomware, they prefer to use it as a mechanism for stealing credentials undetected, and then using those to launch follow up attacks from the compromised account.