It's a few things (source: I've worked on some large online B2B systems and seen signup flow funnel data for some even larger B2C systems):

1. Ease/laziness as others have mentioned. Even for a service that answers a real need, many users will bail out of the signup flow and just ... leave that need unsatisfied when they see a web form.

2. Underreported: google/apple sign-in buttons make it feel like you already have an account. The fact that the "grant access" new-signup request is a second screen and that "sign up" and "sign in" (with Google/Apple/Github/Facebook/etc.) are the same buttons to enter the funnel is huge. It's not that users are confused/forgetting whether they already have accounts (though some are); rather, it's psychological momentum created by the ambiguous language.

3. Trust and consistency. Nontechnical users just trust the recognizable brand buttons more. They don't necessarily know why/know how auth works, but they know that a lot of data breaches happen and are scared. The fact that the embed button almost always looks the same/familiar is massive. I suspect that it would also be a conversion killer if the "sign in with apple/google" buttons were styled to look totally different and not contain logos.

4. A lot of semi-technical folks don't like remembering passwords (and password managers--even good device-integrated ones--aren't as reliable at autofilling as a lot of casual users would like). Others know that it's a bad idea to reuse passwords. As a result, people use the button that doesn't require them to pick a password they'd have to remember.

5. Impression of privacy. Some (especially older) nontechnical users have a significant aversion to typing in their personal info (name/address/CC number) into online forms, so they pick the option that doesn't require that.

6. Technical people who prefer SSO because it gives (on the SSO provider side) a list of every integrated account; better permissions control (for services that integrate with e.g. Google for more than just login); a marginal chance of a little less data being stored on a service's servers versus the regular make-an-account option; somewhat fewer opportunities for a service to screw up auth by building it themselves wrong. This demographic is small compared to less technical users.

That's all presented without comment. Some of those points are based on exploitative provider behavior, or user ignorance. I'm just explaining the decisionmaking factors, not defending them.

Add all those up, and you definitely get a conversion killer.