Malvertising campaign exploits Comet browser

HackRead reports that the mounting popularity of Perplexity's Comet artificial intelligence browser has been exploited by threat actors in a malvertising campaign. Attackers have used Google Ads to promote the nefarious 'cometswift[.]com' and 'cometlearn[.]net' domains, which redirect to the counterfeit 'perplexity[.]page' site impersonating the Comet browser that includes a download button, noted DataDome Vice President of Threat Research Jerome Segura in a LinkedIn post. Clicking on the button downloads the 'comet_latest.msi' payload from a GitHub repository that may be enabling further payload delivery. Further analysis of the illicit activity has established an association with the password-stealing DarkGate malware, while the GitHub repository was found to have code comments in Russian, indicating the possible origin of its developer. Google has already been notified regarding the malicious ads for the Comet browser, according to Segura, who has also observed the use of such an attack tactic for other AI-powered web browsers.