Fake Google Antigravity Installer Can Steal Accounts in Minutes

A trojanized installer hosted on a typosquatted domain (google-antigravity.com) delivers the legitimate Google Antigravity app while executing a hidden PowerShell step that connects to attacker infrastructure; the second-stage payload can disable Windows protections, persist, and harvest browser cookies, saved credentials, crypto wallets, FTP credentials, and more, enabling near-immediate account takeover and covert remote access, according to Malwarebytes and IBM X-Force.