Fake Google Antigravity Downloads Are Stealing Accounts in Minutes

Somebody went looking for Google’s new Antigravity coding tool this week, clicked download, ran the installer, and got exactly what they thought they were getting. Antigravity installed cleanly. A shortcut appeared on the desktop. The application opened and worked. Nothing looked or felt wrong. But behind the scenes, that installer hands the user’s accounts, their data, and potentially the machine itself to an attacker, without breaking anything the user can see.

Google Antigravity launched in November 2025 and has been one of the most searched-for developer tools on the web ever since; the real product lives at antigravity.google. Hardly anyone new to the product has that URL memorized, so when a user landed on google-antigravity.com, a hyphenated lookalike of the kind researchers call a typosquat domain, it was convincing enough at a glance.

The attacker didn’t build a convincing fake; they took the genuine Antigravity installer, added one additional step that runs their PowerShell script during setup, and repackaged the result. The malicious step is a single extra row in the MSI’s CustomAction table, observed under the name ‘wefasgsdfg’. Antigravity installs properly, while the malicious step runs quietly in a folder the user will never open.
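One way to check an installer for exactly this kind of addition before running it is to read its CustomAction table and see what each action launches. The script below is an added example, not code from the article or from the researchers it summarizes. It opens the MSI read-only through the Windows Installer automation object (WindowsInstaller.Installer), whose methods have to be called via InvokeMember from PowerShell, and flags custom actions that start an executable or script whose command line mentions a shell, a temp folder or a .ps1 file. The regex of suspicious words and the output layout are my choices; the type numbers and flag bits are the documented CustomAction Type values.

```powershell
# Added example (not from the article): list the CustomAction table of an MSI
# and flag rows that launch a shell or a script, as in the trojanized installer
# described above. Read-only: the MSI database is opened but never executed.
param(
    [Parameter(Mandatory = $true)]
    [string]$MsiPath
)

# The WindowsInstaller.Installer COM object is late-bound, so PowerShell cannot
# call its methods directly; InvokeMember is the standard workaround.
function Invoke-MsiMethod($Object, [string]$Name, $Args) {
    $Object.GetType().InvokeMember($Name, 'InvokeMethod', $null, $Object, $Args)
}
function Get-MsiProperty($Object, [string]$Name, $Args) {
    $Object.GetType().InvokeMember($Name, 'GetProperty', $null, $Object, $Args)
}

# Run an MSI SQL query and return each row as an array of strings.
function Get-MsiRows($Database, [string]$Query, [int]$Columns) {
    $view = Invoke-MsiMethod $Database 'OpenView' @($Query)
    Invoke-MsiMethod $view 'Execute' $null | Out-Null
    $rows = @()
    while ($true) {
        $record = Invoke-MsiMethod $view 'Fetch' $null
        if ($null -eq $record) { break }
        $row = @()
        for ($i = 1; $i -le $Columns; $i++) {
            $row += [string](Get-MsiProperty $record 'StringData' @($i))
        }
        $rows += ,$row
    }
    Invoke-MsiMethod $view 'Close' $null | Out-Null
    return $rows
}

$installer = New-Object -ComObject WindowsInstaller.Installer
# Second argument 0 = msiOpenDatabaseModeReadOnly.
$db = Invoke-MsiMethod $installer 'OpenDatabase' @((Resolve-Path $MsiPath).Path, 0)

# Where each action is scheduled. A custom action that is defined but never
# referenced in InstallExecuteSequence does not run during a normal install.
$sequence = @{}
foreach ($row in Get-MsiRows $db 'SELECT `Action`, `Condition`, `Sequence` FROM `InstallExecuteSequence`' 3) {
    $sequence[$row[0]] = $row
}

# The low 6 bits of Type select the action kind; higher bits are scheduling flags.
# For kinds 34 and 50 the Target column holds the command line to execute.
$execKinds   = @{ 2 = 'EXE in Binary table'; 18 = 'EXE from installed file'; 34 = 'EXE with path'; 50 = 'EXE from property' }
$scriptKinds = @{ 5 = 'JScript in Binary'; 6 = 'VBScript in Binary'; 21 = 'JScript file'; 22 = 'VBScript file';
                  37 = 'JScript inline'; 38 = 'VBScript inline'; 53 = 'JScript from property'; 54 = 'VBScript from property' }
# Words a legitimate installer rarely needs on a custom-action command line (my heuristic, not a standard).
$shellPattern = 'powershell|pwsh|cmd\.exe|wscript|cscript|mshta|rundll32|-enc|\.ps1|\\Temp\\|%TEMP%|hidden|bypass'

"{0} {1,-28} {2,-24} {3,-35} {4}" -f 'flag', 'Action', 'Kind', 'Flags', 'Scheduling'
foreach ($row in Get-MsiRows $db 'SELECT `Action`, `Type`, `Source`, `Target` FROM `CustomAction`' 4) {
    $action, $typeText, $source, $target = $row
    $type = [int]$typeText
    $kind = $type -band 0x3F
    $flags = @()
    if ($type -band 0x400)  { $flags += 'deferred' }
    if ($type -band 0x800)  { $flags += 'no-impersonate(SYSTEM)' }
    if ($type -band 0x40)   { $flags += 'ignore-exit-code' }
    if ($type -band 0x80)   { $flags += 'async' }
    if ($type -band 0x2000) { $flags += 'hide-target' }

    $kindName = if ($execKinds.ContainsKey($kind)) { $execKinds[$kind] }
                elseif ($scriptKinds.ContainsKey($kind)) { $scriptKinds[$kind] }
                else { "type $kind" }
    $launches   = $execKinds.ContainsKey($kind) -or $scriptKinds.ContainsKey($kind)
    $suspicious = $launches -and (("$source $target") -match $shellPattern)

    $seq = if ($sequence.ContainsKey($action)) { "seq=$($sequence[$action][2]) cond='$($sequence[$action][1])'" } else { 'NOT SCHEDULED' }
    $marker = if ($suspicious) { '[!!]' } elseif ($launches) { '[??]' } else { '    ' }
    "{0} {1,-28} {2,-24} {3,-35} {4}" -f $marker, $action, $kindName, ($flags -join ','), $seq
    if ($launches) {
        "       source: $source"
        "       target: $target"
    }
}
```

Run it as `.\Inspect-MsiCustomActions.ps1 -MsiPath .\setup.msi` on the downloaded file and, if you can get it, on a copy of the vendor’s installer; any row that exists in one output and not the other is the thing to read first. An action marked deferred and no-impersonate runs as SYSTEM in the elevated phase of the install, so a shell launched from such a row inherits far more than the user who double-clicked the file.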

Somewhere in the middle of the install, the MSI runs a small helper script that drops two PowerShell files into the user’s temporary folder: scr5020.ps1 and pss5032.ps1. The first file was added by the attacker, and it has one job: open an HTTPS connection to opus-dsn.com, download whatever code the server sends back, and run it. Researchers call this pattern a downloader cradle, and its advantage to the attacker is flexibility. The real payload lives on their server, not inside the installer out in the wild, so they can swap it out, change targeting, or turn the operation off without touching the file users are downloading. It also means the installer itself contains nothing that looks like malware, only a few lines that fetch a URL, which is why a scan of the download alone can come back clean.

When the server decides a target is worth attacking, the follow-on script first makes Defender look the other way. It calls Add-MpPreference to exclude %ProgramData%, %APPDATA%, the file types .exe, .msi and .dll, and the processes PowerShell, msedge.exe and chrome.exe from scanning. After collecting a profile of the machine and sending it to opus-dsn.com, the script also disables the Antimalware Scan Interface for Windows Script Host by writing AmsiEnable=0 into HKLM\Software\Policies\Microsoft\Windows Script\Settings. Both changes require administrative rights, which a user who has just approved an installer has usually granted without a second thought.

For persistence, it downloads ‘secret.png’ from captr.b-cdn.net and saves it as C:\ProgramData\MicrosoftEdgeUpdate.png. The .png extension is cosmetic: the file is an AES-256-CBC ciphertext wrapping a .NET assembly, and a scheduled task registered to fire at every logon, named so that it is nearly indistinguishable from a real Microsoft Edge update task, decrypts and loads it. A second, non-persistent payload is also delivered. The decrypted assembly is a .NET stealer that scans browsers, messaging apps, gaming platforms, FTP clients, and crypto wallets for Logins, Cookies, Autofills, and FtpConnections. Stolen session cookies let the attacker replay an already-authenticated session, bypassing both the password and 2FA, which is why account takeover follows within minutes. The malware also includes clipboard hijacking, keystroke logging, and ‘hidden desktop’ tradecraft.
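If the installer has already run, the three stages just described (the cradle scripts in the temp folder, the Defender and AMSI changes, and the logon task that loads the encrypted blob) each leave something checkable on the host. The triage script below is an added example, not code from the article or the researchers behind it; it only reads state and reports, it changes nothing. The indicator values are the ones named in the article (exclusion targets, the AmsiEnable policy key, C:\ProgramData\MicrosoftEdgeUpdate.png, opus-dsn.com, captr.b-cdn.net). My own assumptions are marked: the per-user HKCU counterpart of the AMSI key is checked as well, genuine Edge Update tasks are assumed to run MicrosoftEdgeUpdate.exe from %ProgramFiles(x86)%\Microsoft\EdgeUpdate, and the regex of cradle keywords is mine.

```powershell
# Added example (not from the article): read-only triage for the host-side
# artefacts of the campaign described above. Requires an elevated prompt for
# Get-MpPreference and for reading every scheduled task.
$findings = New-Object System.Collections.Generic.List[string]
function Add-Finding([string]$Area, [string]$Detail) { $findings.Add("[$Area] $Detail") }

# 1. Defender exclusions added with Add-MpPreference. Excluding a whole data
#    directory, a code file type or a browser/script-host process blinds
#    scanning exactly where a stealer lives.
try {
    $mp = Get-MpPreference -ErrorAction Stop
    $badPaths = $mp.ExclusionPath      | Where-Object { $_ -match '^(%ProgramData%|C:\\ProgramData|%APPDATA%|C:\\Users\\[^\\]+\\AppData)' }
    $badExt   = $mp.ExclusionExtension | Where-Object { $_ -match '^\.?(exe|msi|dll|ps1)$' }
    $badProc  = $mp.ExclusionProcess   | Where-Object { $_ -match 'powershell|pwsh|msedge|chrome' }
    foreach ($x in $badPaths) { Add-Finding 'Defender' "path exclusion: $x" }
    foreach ($x in $badExt)   { Add-Finding 'Defender' "extension exclusion: $x" }
    foreach ($x in $badProc)  { Add-Finding 'Defender' "process exclusion: $x" }
} catch { Add-Finding 'Defender' "Get-MpPreference failed: $($_.Exception.Message)" }

# 2. AMSI for Windows Script Host switched off. The HKLM policy path is the one
#    from the article; the HKCU path is the per-user equivalent (my assumption).
foreach ($key in 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Script\Settings',
                 'HKCU:\SOFTWARE\Microsoft\Windows Script\Settings') {
    $v = Get-ItemProperty -Path $key -Name AmsiEnable -ErrorAction SilentlyContinue
    if ($null -ne $v -and $v.AmsiEnable -eq 0) { Add-Finding 'AMSI' "AmsiEnable=0 at $key" }
}

# 3. Scheduled tasks that pose as Edge Update or load a payload from ProgramData.
#    Assumption: genuine Edge Update tasks run MicrosoftEdgeUpdate.exe from
#    %ProgramFiles(x86)%\Microsoft\EdgeUpdate; anything else with "Edge" in the
#    name is a lead worth reading, not proof on its own.
$pf86 = ${env:ProgramFiles(x86)}; if (-not $pf86) { $pf86 = $env:ProgramFiles }
$edgeUpdateDir = [regex]::Escape((Join-Path $pf86 'Microsoft\EdgeUpdate'))
foreach ($task in Get-ScheduledTask) {
    $atLogon = @($task.Triggers | Where-Object { $_.CimClass.CimClassName -eq 'MSFT_TaskLogonTrigger' }).Count -gt 0
    foreach ($a in $task.Actions) {
        $exe = [string]$a.Execute
        $cmd = "$exe $($a.Arguments)"
        $edgeName   = $task.TaskName -match 'Edge'
        $edgeBinary = $exe -match "^`"?$edgeUpdateDir"
        if ($edgeName -and -not $edgeBinary) {
            Add-Finding 'Task' "'$($task.TaskName)' looks like Edge Update but runs: $cmd"
        }
        if ($cmd -match 'ProgramData.*\.png|MicrosoftEdgeUpdate\.png|-enc|FromBase64String|DownloadString') {
            Add-Finding 'Task' "'$($task.TaskName)' (logon trigger=$atLogon) action: $cmd"
        }
    }
}

# 4. Dropped files: the encrypted assembly and any downloader cradle left in %TEMP%.
$blob = 'C:\ProgramData\MicrosoftEdgeUpdate.png'
if (Test-Path $blob) {
    $f = Get-Item $blob
    Add-Finding 'File' "$blob present ($($f.Length) bytes, written $($f.LastWriteTime))"
}
# Download-and-run primitives plus the two domains from the article (keyword list is mine).
$cradle = 'Net\.WebClient|DownloadString|DownloadData|Invoke-WebRequest|\biwr\b|Invoke-Expression|\biex\b|FromBase64String|opus-dsn\.com|captr\.b-cdn\.net'
Get-ChildItem -Path $env:TEMP -Filter *.ps1 -ErrorAction SilentlyContinue |
    Select-String -Pattern $cradle -List |
    ForEach-Object { Add-Finding 'Temp' "$($_.Filename): $($_.Line.Trim())" }

if ($findings.Count -eq 0) { 'No indicators from this campaign found.' } else { $findings }
```

Two caveats when reading the output. The cradle script may already have deleted itself from %TEMP% by the time you look, so an empty section 4 rules nothing out; the Defender exclusions and the logon task are the durable traces. And because the stealer’s value is the session cookies it has already exfiltrated, a positive hit here means signing out of every browser session and rotating credentials on the affected accounts, not just removing the task and the file.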

This post is licensed under CC BY 4.0 by the author.