Fake Google Antigravity Installer Can Steal Accounts in Minutes
Briefly

"The attacker didn't build a convincing fake; they took the genuine Antigravity installer, added one additional step to run their PowerShell script during setup, and repackaged the result."
"Once activated, it can extract browser sessions, saved credentials, and other sensitive data, allowing attackers to access accounts almost immediately without needing passwords."
"The malware is designed to harvest sensitive data across multiple sources, including browser cookies and saved credentials, messaging and gaming platform logins, cryptocurrency wallet data and FTP credentials."
A trojanized installer mimicking the Google Antigravity download is compromising user accounts. The malicious installer, distributed via a typosquatted domain, includes a hidden PowerShell script that connects to attacker-controlled servers. Once the script runs, attackers can extract sensitive data, including browser sessions and saved credentials, and access accounts without needing passwords. The malware can also disable Windows protections and deploy additional payloads, and it targets a range of sensitive data sources such as cryptocurrency wallets and messaging platform logins.
Read at TechRepublic