It's not just about malware, but more about system stability and avoiding breaking your system by bad updates. Updates are atomic (all or nothing) Ideally if something goes wrong, the update isn't applied at all. If you manage to boot to a bad config, you can fix it by rebooting in to the previous known good config.
This is immensely valuable for appliance-type devices that aren't meant to be "administered" by end users, like the Steam-deck, set top boxes, even Android phones. For laptops / desktops I'm sure it has some value for people who want a stable base, with newer flatpak/AppImages for day to day use.
As for how updates and system packages are installed, I can't answer the specific technologies used, but I believe the principle is that an entirely new/complete filesystem "image" is created / layered on top. Then you reboot to the new image.