It’s common for hackers to utilize post-compromise tools that contain a graphical user interface (GUI) that can be loaded in the web browser. A GUI generally makes the tool easier to use — and certainly more visually appealing than just raw text.
One example of web malware that uses a GUI is the PHP webshell, such as r57.
Instead of manually submitting crafted GET/POST requests to the r57 PHP file, the hacker can simply load the GUI file manager and modify directories or files with one of its many functions.
Source: Scuri check