Fake Google Antigravity downloads are stealing accounts in minutes
ID: 1e80a5e5-de1a-5bc0-8017-aa5919e27689
STIX ID: report--1e80a5e5-de1a-5bc0-8017-aa5919e27689
Feed Name: Malwarebytes Blog
A typosquatting campaign distributed a trojanized installer for the popular "Google Antigravity" developer tool. While installing the legitimate app, the installer executes a PowerShell downloader that can retrieve encrypted .NET payloads. The operation disables AMSI and Defender scans, establishes stealthy persistence (an encrypted PNG dropped to ProgramData and a scheduled task that runs a headless conhost/PowerShell), and loads an in-memory info-stealer that harvests browser cookies, saved logins, messaging tokens, FTP credentials and crypto-wallet data. The report includes file hash and network IOCs for detection and response.
