The release of Google’s Antigravity coding tool in late 2025 sparked massive interest across the developer community. With demand came opportunity—not just for innovation, but for exploitation. A recent campaign demonstrates how attackers weaponized that hype using a sophisticated trojanized installer that behaves exactly like the real product while silently compromising systems.
This article breaks down how the attack works, what makes it dangerous, and how users can protect themselves.
The Perfect Disguise: A Legitimate Installer with a Hidden Payload
The attack begins with a deceptively simple trick: a typosquatted domain. Instead of the legitimate antigravity.google, victims are redirected to a convincing lookalike such as google-antigravity[.]com.
From there, everything appears normal.
- The downloaded file (Antigravity_v1.22.2.0.exe) is large (~138 MB), matching expectations
- The installer runs without errors
- The application installs and functions correctly
This is not a fake application—it is the real Antigravity installer, repackaged with a single malicious modification.
The attacker inserted just one additional step into the installer’s execution flow: a PowerShell script triggered during setup. This subtle change is enough to compromise the system while remaining invisible to the user.
Under the Hood: How the Infection Works
1. Minimal Change, Maximum Impact
The installer’s MSI file contains standard setup actions. Among them, researchers identified a suspicious entry with a random name (wefasgsdfg)—the only malicious addition.
This step executes a PowerShell script that operates quietly in the background.
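As an added example (not code from the article or from Google), the following PowerShell lists an MSI's CustomAction table, the place where the extra step was inserted, and flags entries that invoke a script host or pair an executable-type action with a random-looking name. The MSI path is a placeholder (the article's sample is an .exe wrapper, so the embedded MSI would first need extracting), and the "random name" heuristic is an assumption of this example.

```powershell
# Added example, not code from the article. Lists the CustomAction table of an MSI
# and flags entries that invoke a script host or pair an executable type with a
# random-looking name (heuristic; the article's entry was named "wefasgsdfg").
function Get-MsiField($Record, [int]$Index) {
    # StringData is a parameterized COM property, hence InvokeMember
    $Record.GetType().InvokeMember('StringData', 'GetProperty', $null, $Record, @($Index))
}

function Get-MsiCustomActions {
    param([Parameter(Mandatory)][string]$MsiPath)
    $installer = New-Object -ComObject WindowsInstaller.Installer
    # The Installer object exposes no type library to PowerShell, so methods are
    # called via InvokeMember. Mode 0 = msiOpenDatabaseModeReadOnly.
    $db   = $installer.GetType().InvokeMember('OpenDatabase', 'InvokeMethod', $null, $installer, @($MsiPath, 0))
    $view = $db.GetType().InvokeMember('OpenView', 'InvokeMethod', $null, $db,
                @('SELECT `Action`, `Type`, `Source`, `Target` FROM `CustomAction`'))
    $null = $view.GetType().InvokeMember('Execute', 'InvokeMethod', $null, $view, $null)
    $rows = @(while ($true) {
        $rec = $view.GetType().InvokeMember('Fetch', 'InvokeMethod', $null, $view, $null)
        if ($null -eq $rec) { break }
        $type = [int](Get-MsiField $rec 2)
        [pscustomobject]@{
            Action   = Get-MsiField $rec 1
            BaseType = $type -band 0x3F          # low 6 bits = base type, high bits = flags
            Deferred = [bool]($type -band 0x400) # msidbCustomActionTypeInScript
            Source   = Get-MsiField $rec 3
            Target   = Get-MsiField $rec 4
        }
    })
    $null = $view.GetType().InvokeMember('Close', 'InvokeMethod', $null, $view, $null)
    return $rows
}

# Base types that run a program or inline script: 2/18/34/50 = EXE (from the Binary
# table / an installed file / a directory / a property); 37/38 = JScript/VBScript text.
$execTypes = 2, 18, 34, 50, 37, 38
$actions = Get-MsiCustomActions -MsiPath 'C:\path\to\extracted\Antigravity.msi'   # placeholder path
foreach ($ca in $actions) {
    $runsScriptHost = "$($ca.Source) $($ca.Target)" -match 'powershell|pwsh|cmd\.exe|wscript|cscript|mshta'
    # "random name" heuristic: lowercase only, 8+ chars, mostly consonants
    $looksRandom = $ca.Action -match '^[a-z]{8,}$' -and
                   ($ca.Action -replace '[aeiou]', '').Length -gt 0.7 * $ca.Action.Length
    $flag = if ($runsScriptHost -or ($execTypes -contains $ca.BaseType -and $looksRandom)) { 'SUSPECT' } else { 'ok' }
    '{0,-7} {1,-28} base={2,-2} deferred={3,-5} src={4} target={5}' -f $flag, $ca.Action, $ca.BaseType, $ca.Deferred, $ca.Source, $ca.Target
}
```

Legitimate installers also carry custom actions, so treat a SUSPECT row as a prompt to read its Source/Target, not as a verdict.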
2. The Downloader Cradle
During installation, two scripts are dropped into the system’s temp directory:
- scrXXXX.ps1 – malicious script
- pssXXXX.ps1 – legitimate helper script
The malicious script acts as a downloader cradle, meaning it does not contain the payload itself. Instead, it:
- Connects to https://opus-dsn[.]com/login/
- Downloads remote code dynamically
- Executes it in memory
This design gives attackers flexibility—they can decide later whether to deploy the full attack or remain dormant.
3. Stealthy Initial Behavior
In many cases, nothing visibly harmful happens immediately:
- No files dropped
- No persistence created
- No antivirus alerts
The system simply “checks in” with the attacker’s server. Whether the attack escalates depends entirely on the operator’s decision.
When the Attack Escalates
If the attacker chooses to proceed, a second-stage script is delivered. This stage is far more aggressive and unfolds in three phases:
Phase 1: Disable Defenses
The malware modifies Microsoft Defender settings to exclude:
- Key directories (%APPDATA%, %ProgramData%)
- File types (.exe, .dll, .msi)
- Processes (PowerShell, browsers, system utilities)
It also disables AMSI (Antimalware Scan Interface), effectively blinding script-based detection.
Phase 2: Establish Persistence
The attacker:
- Downloads an encrypted payload disguised as a .png file
- Stores it in a system directory
- Creates a scheduled task mimicking legitimate Microsoft Edge updates
This task executes malicious code in memory using PowerShell, ensuring no obvious executable is written to disk.
Phase 3: Deploy Payloads
Two .NET assemblies are executed:
- Persistent payload – survives reboots
- In-memory payload – runs once, leaves no trace
What the Malware Actually Does
The payload is a fully capable information stealer. Its targets include:
- Browser data (passwords, cookies, autofill data)
- Messaging platforms (Discord, Telegram)
- Gaming accounts (Steam)
- FTP credentials
- Cryptocurrency wallets
The most critical threat is session cookie theft. These cookies allow attackers to bypass passwords and even two-factor authentication, enabling instant account takeover.
Additionally, the malware includes:
- Keystroke logging
- Clipboard hijacking (e.g., crypto address replacement)
- Hidden desktop functionality for remote interaction
This means attackers can operate invisibly on the infected machine.
Why This Attack Is So Effective
This campaign highlights a dangerous evolution in malware tactics:
- It uses real software, not fake clones
- It avoids detection by doing almost nothing initially
- It allows attackers to select targets manually
- It operates largely in memory, leaving minimal forensic evidence
Most victims may never realize they were exposed unless the attack is fully executed.
What to Do If You Installed It
If you suspect infection:
- Check for connections to known indicators (opus-dsn[.]com, captr.b-cdn[.]net, IP 89[.]124[.]96[.]27)
- Log out of all accounts from a clean device
- Change passwords immediately
- Rotate API keys and credentials
- Move crypto assets to a secure wallet
- Monitor financial activity
- Reinstall Windows completely
If it’s a work device, notify your security team immediately.
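To turn the checks above and the Phase 1/Phase 2 artefacts into something a responder can run, here is an added, read-only triage script (not from the article). The indicator values are the ones the article lists (de-fanged form removed); the temp-script and task-name patterns are assumptions derived from the article's descriptions.

```powershell
# Added triage script, not code from the article. Read-only checks for the artefacts
# described above; the indicator values are those the article lists, and the temp
# script / task-name patterns are assumptions based on the article's descriptions.
$Domains  = 'opus-dsn.com', 'captr.b-cdn.net', 'google-antigravity.com'
$BadIPs   = @('89.124.96.27')
$Findings = [System.Collections.Generic.List[string]]::new()

# Phase 1 artefacts: Defender exclusions matching the directories, extensions and
# processes the second stage is described as excluding, plus script scanning state.
$mp = Get-MpPreference
$mp.ExclusionPath      | Where-Object { $_ -match 'AppData|ProgramData' } | ForEach-Object { $Findings.Add("Defender path exclusion: $_") }
$mp.ExclusionExtension | Where-Object { $_ -match '^\.?(exe|dll|msi)$' }  | ForEach-Object { $Findings.Add("Defender extension exclusion: $_") }
$mp.ExclusionProcess   | Where-Object { $_ -match 'powershell|chrome|msedge|firefox|cmd' } | ForEach-Object { $Findings.Add("Defender process exclusion: $_") }
if ($mp.DisableScriptScanning) { $Findings.Add('Defender script scanning is disabled') }

# Stage-one scripts dropped in %TEMP% (names per the article: scrXXXX.ps1 / pssXXXX.ps1)
Get-ChildItem $env:TEMP -Filter '*.ps1' -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^(scr|pss)\w{4}\.ps1$' } |
    ForEach-Object { $Findings.Add("Temp script: $($_.FullName) (modified $($_.LastWriteTime))") }

# Phase 2 artefacts: a task posing as an Edge update whose action is PowerShell ...
Get-ScheduledTask | ForEach-Object {
    $t = $_
    foreach ($a in $t.Actions) {
        if ($a.Execute -match 'powershell|pwsh' -and $t.TaskName -match 'Edge|Update') {
            $Findings.Add("Task '$($t.TaskPath)$($t.TaskName)' runs: $($a.Execute) $($a.Arguments)")
        }
    }
}
# ... and a payload stored as .png: a real PNG starts with bytes 89 50 4E 47
Get-ChildItem $env:ProgramData -Recurse -Depth 3 -Filter '*.png' -ErrorAction SilentlyContinue | ForEach-Object {
    $fs = [System.IO.File]::OpenRead($_.FullName); $head = New-Object byte[] 4
    $null = $fs.Read($head, 0, 4); $fs.Dispose()
    if (($head -join ' ') -ne '137 80 78 71') { $Findings.Add("Non-PNG data in .png: $($_.FullName)") }
}

# Network: cached DNS answers and live connections to the listed indicators
Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $Domains -contains $_.Entry -or $Domains -contains $_.Name } |
    ForEach-Object { $Findings.Add("DNS cache entry: $($_.Entry) -> $($_.Data)") }
Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $BadIPs -contains $_.RemoteAddress } |
    ForEach-Object { $Findings.Add("Connection to $($_.RemoteAddress):$($_.RemotePort) from PID $($_.OwningProcess)") }

if ($Findings.Count) { $Findings | ForEach-Object { "[!] $_" } }
else { '[+] None of the listed artefacts found (absence is not proof of a clean host)' }
```

Run it from an elevated PowerShell so that Defender exclusions and every user's scheduled tasks are visible; because the first stage may do nothing beyond the check-in, a clean result does not replace the credential rotation steps above.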
Our Opinion: A Wake-Up Call for Software Trust
This campaign is a strong reminder that traditional security instincts—like checking whether software “works”—are no longer sufficient. The attacker didn’t rely on broken interfaces or obvious red flags. Instead, they leaned into trust: delivering the exact product users expected, while quietly embedding control mechanisms underneath.
What stands out most is the strategic patience. The malware doesn’t immediately exploit every victim. It waits, profiles, and then selectively escalates. This shift toward human-in-the-loop cyberattacks makes detection significantly harder and more dangerous.
Equally concerning is the broader trend. Every major AI or developer tool launch now creates a predictable attack window. Users rush to try new tools, often skipping verification steps. Attackers are clearly exploiting this behavioral pattern with increasing precision.
In our view, the real issue is not just malware sophistication—it’s distribution trust. As long as users rely on search results instead of verified sources, typosquatting and supply-chain style attacks will continue to succeed.
Indicators of Compromise (IOCs)
File hashes (SHA-256)
- 61aca585687ec21a182342a40de3eaa12d3fc0d92577456cae0df37c3ed28e99 (Antigravity_v1.22.2.0.exe)
Network indicators
- captr.b-cdn[.]net
- google-antigravity[.]com
- opus-dsn[.]com
- 89[.]124[.]96[.]27
