Fake Google Antigravity Downloads Are Stealing Accounts in Minutes
Attackers are using a fake download site for Google’s Antigravity coding tool to spread a trojanized installer that looks legitimate — because it actually installs the real app while secretly infecting the computer in the background.
How the Attack Works
Once triggered, the malware can contact a remote server, weaken Windows Defender protections, establish persistence, and load additional malicious code directly into memory to avoid detection.
What Gets Stolen
The malware’s main purpose is to steal sensitive data, which can let attackers take over accounts within minutes — without needing passwords or two-factor codes. Targeted data includes:
- Browser passwords
- Session cookies
- Autofill data
- Chat and gaming logins
- FTP credentials
- Cryptocurrency wallet files
More Than a Simple Password Stealer
The malware also includes tools for keylogging, clipboard hijacking, and even hidden desktop activity, making it significantly more dangerous than a simple password stealer.
A Growing Pattern Targeting AI Tool Users
More broadly, this is part of a growing pattern where popular new AI tools quickly attract convincing fake sites and poisoned installers aimed at eager early users. As excitement around new AI releases builds, attackers are ready to exploit that enthusiasm with sites and downloads that look completely authentic.
The takeaway: Always download AI tools directly from official sources, and stay alert for lookalike sites — especially when a new tool is generating buzz. A few extra seconds of verification can prevent a serious security breach.
