Checksums are used to make sure that a file has not been modified or corrupted. When a file is created, a checksum is generated based on the contents of the file. This checksum is then stored along with the file. When the file is downloaded, the checksum of the downloaded file is compared to the stored checksum. If the checksums are the same, it means that the file has not been modified and is safe to use. If the checksums are different, it means that the file has been modified and may be unsafe to use.
If you hack a website and modify the download file, you would also have to change the stored checksum on the website to match the new checksum of the modified file. However, this would not necessarily be easy to do, and it would be very difficult to change the checksum without being noticed. Additionally, even if you did manage to change the checksum on the website, anyone who had previously downloaded the original file would still have the original checksum and would be able to detect that the file had been modified.