Security alerts piled up for weeks. Strange login attempts from distant cities. Authentication prompts that felt off. Password resets and tighter 2FA seemed to help. Yet the nagging sense something remained wrong never faded. Then a simple Windows system tray glitch led one user down an unexpected path. The culprit? A persistent info-stealer that had operated quietly in the background. Its removal came not from traditional antivirus but from an agentic AI coding tool called Antigravity.
Oluwademilade Afolabi detailed the ordeal in a recent personal account. For nearly two months he fielded odd security warnings. Accounts triggered “was this you” messages. He changed passwords and enabled passkeys where possible. Standard responses. They never resolved the root issue. At the same time his Windows taskbar behaved strangely. The system tray loaded blank after every boot. Hovering sometimes revealed hidden icons. Restarting Windows Explorer fixed it temporarily. Reboots brought the problem back. MakeUseOf published his full story.
Frustrated, he turned to Antigravity. The tool, developed by Google and launched in late 2025, functions as an AI-powered development environment. It assists with code but also probes systems when tasked. Afolabi asked it to investigate the tray anomaly. Instead it scanned startup entries and processes. Two suspicious executables surfaced: eld1.exe and eld0.exe. Antigravity flagged them as components of a known info-stealer.
Names alone prove little. Malware authors rename files freely. Further checks confirmed the threat. An ANY.RUN sandbox analysis linked eld1.exe to credential theft. The sample targeted browsers, cryptocurrency wallets, email, messaging apps and password managers. It collected stored passwords, cookies, autofill data and session tokens. Nothing flashy. Just silent harvesting.
Persistence came through a classic method. The malware added itself to the HKCU\Software\Microsoft\Windows\CurrentVersion\Run registry key. It launched on every login. Such entries survive reboots and hide among legitimate startup items. Task Manager’s startup tab often misses them. The infection had sat active for months.
Antigravity removed the files and cleaned the registry entry. Yet questions lingered. How did it arrive? Backward timeline analysis pointed to a fake software installer downloaded weeks earlier. The target was Studio Pro, a digital audio workstation. The impostor file measured just 2.09MB. Real DAW installers run hundreds of megabytes or more. Afolabi ran it anyway. It dropped the executables quickly then stayed quiet. He later installed the genuine version. The legitimate software worked fine. The stealer had already embedded itself.
Fake installers exploit haste. Users seeking cracked or free versions of paid tools land on deceptive sites. One wrong click and the payload deploys. This case followed that pattern. The stealer siphoned browser data and cookies. Those artifacts let attackers bypass passwords and even some 2FA by hijacking active sessions. The flood of login alerts suddenly made sense.
But Afolabi’s experience reflects a larger pattern. Info-stealers have surged in recent years. They operate as Malware-as-a-Service on underground markets. Families like RedLine, Vidar and Raccoon dominate. A BitSight analysis from February 2025 notes their evolution into sophisticated tools sold on demand. Criminals pay low fees for access to harvested data troves. One 2025 breach tied to such malware exposed 183 million emails, per reports aggregated by Have I Been Pwned.
Recent campaigns show even broader reach. Microsoft’s February 2026 security blog highlighted infostealers crossing into macOS. Attackers use phishing, fake DMG files and social engineering tricks like ClickFix prompts. Python-based variants such as PXA Stealer spread via email lures aimed at government and education targets. They establish persistence with registry keys or scheduled tasks then exfiltrate via Telegram. “These campaigns leverage fileless execution, native macOS utilities, and AppleScript automation to harvest credentials,” the blog observed.
Another example involved WhatsApp abuse. Attackers sent messages that triggered multi-stage infections delivering Eternidade Stealer. This Delphi-based malware watches for banking sites, payment services and crypto exchanges. It monitors active windows for strings tied to Bradesco, Binance, Coinbase or MetaMask. The Microsoft report detailed how such platform abuse adds legitimacy to the delivery chain.
Even Google’s own Antigravity became a lure. In April 2026 attackers registered google-antigravity.com. They hosted a trojanized version of the legitimate 138MB installer. It ran normally at first. Hidden PowerShell code then downloaded a .NET stealer. The payload scanned Chromium and Firefox browsers, Discord, Telegram, Steam, FTP clients and crypto wallets. It grabbed passwords, autofill entries, cookies and session tokens. Persistence relied on scheduled tasks disguised as Microsoft Edge updates. The file masqueraded as conhost.exe running headless. Malwarebytes dissected the campaign in detail.
“The decrypted assembly is a .NET stealer. We can characterize it from its own class and method names, which describe its job in plain English,” the Malwarebytes researchers wrote. Session cookies drew special alarm. They enable instant account takeovers without needing passwords or fresh 2FA prompts. Victims often learn of compromise only after unauthorized transactions appear.
Defender exclusions formed a key part of the attack. The downloader added paths like ProgramData and AppData to Windows security exclusions. It disabled AMSI and targeted specific processes. Encryption used AES-256 with a hardcoded passphrase. All designed to evade detection long enough to ship data home.
Such tactics explain why traditional scanners sometimes miss these threats. Info-stealers avoid noisy behavior. They steal and phone home then delete traces. Rust-based variants like Myth Stealer, analyzed by Trellix in June 2025, add further evasion through compiled binaries that change rapidly. One version remained fully undetected during initial hunts.
Yet Afolabi’s case stands out. Antigravity succeeded where others failed. The tool did not act as dedicated antivirus. Its system inspection capabilities simply uncovered anomalies during a unrelated troubleshooting session. The tray bug, possibly unrelated or partially caused by the infection, provided the opening. After removal the suspicious logins ceased. The tray issue lingers. Some Windows shell quirks resist easy fixes.
Experts warn the threat shows no signs of slowing. Constella Intelligence reported in 2024 that 98 percent of breaches involved stolen personally identifiable information. Kaspersky tracked a 643 percent rise in infostealer infections over three years ending in 2023. Numbers have climbed since. MaaS models lower the barrier. Anyone with modest funds can deploy them.
Prevention demands layered habits. Verify download sources rigorously. Check file sizes against official releases. Avoid third-party sites promising cracked software. Monitor for unexpected processes or registry changes. Enable advanced endpoint detection. And treat unexpected security alerts as potential signals of deeper compromise rather than isolated events.
Afolabi closed his account on a wry note. The stealer spent months on his machine. Antigravity ended the stay. “So, to whoever spent months trying to squeeze their way into my accounts: gotcha,” he wrote. A single AI-assisted investigation accomplished what routine defenses had not. The incident underscores a shifting reality. Threats hide in plain sight. Tools built for development sometimes reveal them. And the battle against data thieves grows more complex with every new AI product that draws both legitimate users and opportunistic attackers.


WebProNews is an iEntry Publication