Trojanized Antigravity Installers Hijack Accounts in Minutes Via Stolen Session Cookies

A trojanized installer for Google's Antigravity coding tool delivers the real app while secretly stealing browser cookies, credentials, and crypto data for rapid account hijacks. Attackers use typosquatted domains and evasion tricks to bypass defenses.
Trojanized Antigravity Installers Hijack Accounts in Minutes Via Stolen Session Cookies
Written by Eric Hastings

Developers hunting for Google’s latest AI coding tool are walking into a trap. A fake download site at google-antigravity.com serves up what looks like the real deal: Antigravity_v1.22.2.0.exe, a 138MB installer packed with the legitimate app, Electron runtime, and all the trimmings. Run it. Everything works fine. But hidden inside lurks a PowerShell script that phones home to attackers, paving the way for account takeovers faster than you can say ‘session hijacking.’

Stefan Dasic, threat analyst at Malwarebytes, broke down the scheme on April 21. ‘The attacker didn’t build a convincing fake; they took the genuine Antigravity installer, added one additional step to run their PowerShell script during setup, and repackaged the result,’ he wrote. That extra step? A custom action buried in the MSI’s table, named something innocuous like wefasgsdfg amid a dozen legit ones for file extraction and admin checks.

The script drops into temp folders—scr5020.ps1 and pss5032.ps1, prefixes consistent despite random suffixes. It spoofs a Microsoft referrer, hits the system proxy, queries opus-dsn.com, then TCP-connects to 89.124.96.27 on port 443. Server says yes? Download and execute more code. No? Exit quietly. Flexibility for attackers. Swap payloads anytime.

Escalation kicks in three phases. First, evasion: Add-MpPreference exclusions for ProgramData, AppData, exes, MSIs, DLLs, PowerShell, regasm, rundll32, Edge, Chrome—obfuscated with backticks. Collect machine info: Windows version, domain, AV. RSA-encrypt with a public key. Beacon to opus-dsn.com as utm_content. Second, more exclusions for PNGs and conhost.exe. Registry tweak disables AMSI scanning. Third, persistence: Grab secret.png from captr.b-cdn.net—a BunnyCDN host. AES-256-CBC encrypted .NET assembly, key from PBKDF2 on a hardcoded passphrase. Save as C:\ProgramData\MicrosoftEdgeUpdate.png. Schedule MicrosoftEdgeUpdateTaskMachineCore{JBNEN-NQVNZJ-KJAN323-111} to run at logon, firing conhost.exe –headless for hidden PowerShell. Decrypt in memory. Reflective load.

A bonus non-persistent payload: GGn.xml, same BunnyCDN, different AES key, in-memory execution. The main stealer hits Chromium and Firefox browsers—Chrome, Edge, Brave—for passwords, autofill with credit cards, session cookies. Discord tokens. Telegram sessions. Steam. FTP creds. Crypto wallet files. APIs imported for clipboard grabs, keylogging. Even hidden desktops for stealth ops—no visible changes while attackers log in or transact.

Dasic nailed the real danger. ‘Session cookies are the part that should alarm most people, because they work faster than anything else. A stolen login cookie lets an attacker walk straight into a Gmail inbox or banking portal without needing a password or triggering two-factor authentication. The gap between infection and account takeover can be minutes.’ IBM X-Force echoed this in their OSINT advisory, noting the trojanized installer steals browser cookies, creds, crypto data, and enables clipboard hijacking plus hidden desktops, as detailed in their report at IBM X-Force.

This isn’t isolated. Antigravity, launched November 2025, draws devs like flies. Search results push the typosquat. TechRepublic covered it April 22, citing both Malwarebytes and IBM, warning of rapid risks from session theft in their article at TechRepublic. SecurityWeek reported April 22 how cybercriminals exploit the tool’s hype with malware, while researchers at Pillar Security found a now-patched RCE vuln from prompt injection bypassing Secure Mode sandbox—indirect attacks via tainted repo files, per SecurityWeek.

Evasion shines. PNG extension on binaries. Edge-like paths and task names. In-memory loads. Server-side decisions. SHA-256 for the installer: 61aca585687ec21a182342a40de3eaa12d3fc0d92577456cae0df37c3ed28e99. Domains: google-antigravity.com, opus-dsn.com, captr.b-cdn.net. Monitor those.

And it’s spreading fast. Posts on X warn of the trap. @ransomnews called it zero-detection malware dropping infostealers. @cybernewslive urged signing out sessions if sourced wrong. Developers pay the price.

Prevention? Download only from antigravity.google. Scan with tools like Malwarebytes. Watch PowerShell net connections to those IOCs. Suspicious? From a clean machine, log out all sessions on Google, Microsoft, banks, GitHub, Discord, Telegram, Steam, exchanges. Change passwords—email first. Rotate API keys, SSH, cloud creds. Nuke crypto to cold storage. Reinstall if needed. Dasic’s words: Assume compromise.

Antigravity’s buzz fuels this. Hype around AI tools invites predators. They repackage legit software. Wait for the hook. Strike silently. Devs must verify sources. Always.

Subscribe for Updates

AppSecurityUpdate Newsletter

Critical application security news and insights developers and security teams need—covering real-world vulnerabilities, emerging risks, and practical remediation without the noise.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.

Notice an error?

Help us improve our content by reporting any issues you find.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us