Fake Google Antigravity installer steals logins and crypto

Attackers repackaged a Google Antigravity installer on google-antigravity.com to run a PowerShell downloader from opus-dsn.com that can steal logins, cookies and crypto wallets.
A trojanized Google Antigravity installer hosted at google-antigravity.com installs the real app while quietly launching a PowerShell downloader that connects to opus-dsn.com, enabling credential and wallet theft, according to new research.
The file, Antigravity_v1.22.2.0.exe, is a 138 MB copy of the genuine installer. It adds a single custom action inside the MSI, labeled “wefasgsdfg,” that runs a script during setup. The script drops two PowerShell files in the temporary folder, keeps a legitimate helper intact, and uses the other as a “downloader cradle” to reach https://opus-dsn.com/login via HTTPS through the system proxy. Network traffic resolves to 89.124.96.27. On many systems it only checks in and exits, leaving few traces until the operator decides to deliver a second stage.
When the server proceeds, a follow-on PowerShell payload weakens local defenses and fingerprints the machine. It calls Add-MpPreference, with minor obfuscation, to exclude key folders, file types (.exe, .msi, .dll) and processes (PowerShell, regasm.exe, rundll32.exe, msedge.exe, chrome.exe) from Microsoft Defender scans. It gathers the Windows version, Active Directory domain and installed antivirus, encrypts the data, and returns it to opus-dsn.com inside a benign-looking URL parameter. It then adds exclusions for .png files and conhost.exe and disables the Antimalware Scan Interface by setting AmsiEnable=0 in HKLM\Software\Policies\Microsoft\Windows Script\Settings.
For persistence, the malware downloads an encrypted file from captr.b-cdn.net/secret.png, saves it as C:\ProgramData\MicrosoftEdgeUpdate.png, and registers a scheduled task named MicrosoftEdgeUpdateTaskMachineCore{JBNEN-NQVNZJ-KJAN323-111}. At logon, the task runs conhost.exe in headless mode to start a hidden PowerShell process that decrypts the “PNG” in memory and loads a .NET assembly without writing a standard executable to disk. A second payload, GGn.xml, is fetched from the same host, decrypted with a different key, and run in memory once.
The decrypted stealer targets Chromium- and Firefox-based browsers, including Chrome, Edge and Brave, to extract saved passwords, autofill data and cookies. It searches for Discord tokens, Telegram sessions, Steam logins, FTP credentials and cryptocurrency wallet files. Code components support clipboard hijacking, keylogging and the creation of a hidden Windows desktop, which can enable covert interaction. Stolen session cookies can permit immediate account access without passwords or triggering multifactor authentication.
The operation leans on a typosquatted domain and heightened interest in new AI tools. Google’s Antigravity launched in November 2025 at antigravity.google. Users who do not recall the official URL may land on the hyphenated domain and run the repackaged installer, which delivers the real app while staging a backdoor.
Indicators tied to the campaign include google-antigravity.com for distribution, opus-dsn.com for command-and-control, captr.b-cdn.net for payload hosting, and IP address 89.124.96.27. Investigators identified the SHA-256 hash 61aca585687ec21a182342a40de3eaa12d3fc0d92577456cae0df37c3ed28e99 for the trojanized installer.
Many systems may show no clear signs of compromise if operators did not escalate on that device. People who installed Antigravity from outside antigravity.google are advised to review network logs for connections to the listed domains and IP from PowerShell processes, sign out of active sessions for major accounts from a clean device, change passwords starting with email, rotate credentials and keys used on the affected machine, move crypto funds from a safe environment, monitor financial statements, and consider a full Windows reinstall. On corporate devices, incident response teams should be alerted, since domain information collected by the malware can guide further targeting inside an organization.
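The artifacts described above (Defender exclusions, the AmsiEnable policy value, the fake Edge-updater task, the dropped "PNG", and the installer hash) can be checked on one host with a read-only triage script. This is an added example, not code from the research or the article; the Downloads path for the installer is an assumption, and the check distinguishes the malicious task from genuine Edge update tasks by the conhost/PowerShell launch the report describes.

```powershell
# Added host-triage example, not code from the report. Read-only; run in an elevated
# PowerShell on a Windows machine where the installer may have been run.
$Findings = [System.Collections.Generic.List[string]]::new()

# 1. Defender exclusions matching those the second-stage script adds
$SuspectProcs = 'powershell.exe','regasm.exe','rundll32.exe','msedge.exe','chrome.exe','conhost.exe'
$SuspectExts  = 'exe','msi','dll','png'
$Pref = Get-MpPreference -ErrorAction SilentlyContinue
foreach ($p in @($Pref.ExclusionProcess)) {
    if ($p -and $SuspectProcs -contains [IO.Path]::GetFileName($p).ToLower()) {
        $Findings.Add("Defender process exclusion: $p")
    }
}
foreach ($e in @($Pref.ExclusionExtension)) {
    if ($e -and $SuspectExts -contains $e.TrimStart('.').ToLower()) {
        $Findings.Add("Defender extension exclusion: $e")
    }
}
if ($Pref.ExclusionPath) { $Findings.Add("Defender path exclusions: $($Pref.ExclusionPath -join ', ')") }

# 2. AMSI switched off through the policy value the report cites
$AmsiKey = 'HKLM:\Software\Policies\Microsoft\Windows Script\Settings'
$Amsi = Get-ItemProperty -Path $AmsiKey -Name AmsiEnable -ErrorAction SilentlyContinue
if ($Amsi -and $Amsi.AmsiEnable -eq 0) { $Findings.Add("AMSI disabled by policy: $AmsiKey\AmsiEnable = 0") }

# 3. Persistence: genuine Edge update tasks launch MicrosoftEdgeUpdate.exe; the malicious
#    look-alike launches conhost.exe/PowerShell and loads the encrypted "PNG" from ProgramData
foreach ($t in @(Get-ScheduledTask -ErrorAction SilentlyContinue | Where-Object { $_.TaskName -like 'MicrosoftEdgeUpdateTaskMachineCore*' })) {
    $cmd = ($t.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
    if ($cmd -match 'conhost|powershell') { $Findings.Add("Suspicious task $($t.TaskName): $cmd") }
}
$Drop = 'C:\ProgramData\MicrosoftEdgeUpdate.png'
if (Test-Path $Drop) { $Findings.Add("Dropped payload present: $Drop") }

# 4. Trojanized installer by SHA-256 (hash from the report; the download path is an assumption)
$BadHash = '61aca585687ec21a182342a40de3eaa12d3fc0d92577456cae0df37c3ed28e99'
$Installer = Join-Path $env:USERPROFILE 'Downloads\Antigravity_v1.22.2.0.exe'
if ((Test-Path $Installer) -and ((Get-FileHash -Path $Installer -Algorithm SHA256).Hash -ieq $BadHash)) {
    $Findings.Add("Trojanized installer present: $Installer")
}

if ($Findings.Count -eq 0) { 'No known artifacts of this campaign found on this host.' }
else { $Findings | ForEach-Object { "[!] $_" } }
```

A clean result here does not rule out compromise, since the report notes the first stage often only checks in and exits; network logs for PowerShell connections to the listed domains and IP remain the primary signal.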