There are two separate checksum validation processes integrated in the Fedora Media Writer.
All Fedora images (except Atomic) have a SHA256 hash assigned when created. This hash is included in the release metadata that's included in Fedora Media Writer and also in the releases.json file that's provided as a part of Fedora Websites and served over HTTPS.
Fedora Media Writer then computes SHA256 hash of the ISO data being downloaded to check if the image is counterfeit or not.
All Fedora ISO images have an integrated MD5 checksum for integrity purposes.
Fedora Media Writer verifies this checksum right after the image is downloaded and also after the image has been written to a flash drive to verify if it has been written correctly.