The code first checks for the existence of window.ethereum, an object injected by wallet extensions like MetaMask. If no wallet is found, it proceeds with a passive attack.