Hackers Target Perplexity’s Comet Browser Launch via Fake Apps, Malvertising, Domain Squatting
- Coordinated campaign: The attackers combine domain squatting, fraudulent mobile apps, and malvertising.
- Widespread impersonation: At least 13 domains and multiple fraudulent mobile applications on the Google Play Store are impersonating the official browser.
- Multiple attack vectors: The campaign uses various attack vectors, including SEO poisoning, fake download sites, and brand impersonation.
Following the July 2025 launch of the Perplexity AI browser, known as Comet, a sophisticated malicious campaign has been identified targeting interested users. Security researchers have uncovered a coordinated effort involving domain squatting, deceptive mobile applications, and fraudulent advertising.
Analysis of Attack Vectors and Malicious Domains
This campaign is designed to capitalize on the public's interest in the new browser, creating significant cybersecurity risks for those seeking to download it.
A threat research report by BforeAI warns that the timing of the malicious activity, with suspicious domains registered shortly after the browser's launch, indicates that threat actors are opportunistically monitoring emerging technology trends.
The campaign employs several attack vectors to ensnare victims. These include direct brand impersonation through malicious domains like perplexitycomet-ai.com and fraudulent mobile apps on the Google Play Store, such as "Comet AI Atlas App Info," which mimics official branding.
Threat actors are also using Search Engine Optimization (SEO) poisoning and malvertising to promote fake download sites that appear in search results for keywords like "Comet Browser download."
The investigation has also revealed a pattern of using international registrars and WHOIS privacy services to obfuscate the domains' true ownership, making attribution more difficult. The following suspicious domains were registered after Comet's official launch in July 2025:
- cometai.net
- cometai.app
- cometailab.com
- cometai.site
- cometaibrowser.com
- perplexitycomet-ai.com
- cometbrowser.net
- aicometbrowser.com
Broader Cybersecurity Risks and User Recommendations
These Comet browser threats highlight a growing trend of attackers exploiting the hype around new technology launches.
The CEO of Perplexity has already issued public warnings about fake applications on app stores. "The Comet app currently on iOS App Store is fake and spam and not from Perplexity," Aravind Srinivas said on X on October 14, 2025.
Users are strongly advised to only download the browser from Perplexity's official website, perplexity.ai, and to be wary of any third-party ads or download links. Organizations should consider blocking the identified suspicious domains and implementing DNS filtering for known malicious registrars to mitigate risk.
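One way to act on the blocking and DNS-filtering recommendation above, as an added example that is not from the BforeAI report or Perplexity: a triage pass over resolver logs that flags queries for the listed domains (and their subdomains) and separately marks unlisted brand lookalikes for review. The brand-token regex, the three-field log format, and the sample lines are assumptions constructed for illustration.

```python
import re

# Domains listed in the article as registered after Comet's July 2025 launch.
BLOCKLIST = {
    "cometai.net", "cometai.app", "cometailab.com", "cometai.site",
    "cometaibrowser.com", "perplexitycomet-ai.com", "cometbrowser.net",
    "aicometbrowser.com",
}
OFFICIAL = {"perplexity.ai"}  # official site named in the article
# Assumption: brand tokens chosen for this example's lookalike heuristic.
BRAND = re.compile(r"perplexity|comet[-_]?(ai|browser)|(ai|browser)[-_]?comet")

def _under(name, zones):
    """True if name equals, or is a subdomain of, any zone in zones."""
    return any(name == z or name.endswith("." + z) for z in zones)

def classify(qname):
    """Return 'official', 'blocked', 'lookalike' or 'ok' for a queried name."""
    name = qname.strip().rstrip(".").lower()
    if _under(name, OFFICIAL):
        return "official"
    if _under(name, BLOCKLIST):
        return "blocked"
    # Heuristic for unlisted squats: brand tokens in a non-official name.
    # Suffix matching above keeps 'perplexity.ai.evil.example' out of 'official'.
    return "lookalike" if BRAND.search(name) else "ok"

def triage(log_lines):
    """Parse 'timestamp client qname' lines; return (client, qname, verdict) hits."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole run
        verdict = classify(parts[2])
        if verdict in ("blocked", "lookalike"):
            hits.append((parts[1], parts[2].rstrip(".").lower(), verdict))
    return hits

# Constructed sample resolver log (not real traffic).
SAMPLE_LOG = [
    "2025-10-20T09:01:02Z 10.0.0.5 www.perplexity.ai.",
    "2025-10-20T09:01:09Z 10.0.0.7 download.CometAIBrowser.com.",
    "2025-10-20T09:02:11Z 10.0.0.8 comet-browser-download.example.",
    "2025-10-20T09:02:30Z 10.0.0.9 perplexity.ai.evil.example.",
    "2025-10-20T09:03:00Z 10.0.0.5 example.org.",
    "malformed line",
]
```

Treat `blocked` hits as enforcement candidates and `lookalike` hits as leads for an analyst, since the heuristic can match unrelated names.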
While this campaign focuses on deception through fake installers, the legitimate Comet browser itself has been the subject of security research, with identified vulnerabilities related to prompt injection and potential data exfiltration.
April reports said Perplexity AI’s new browser collected user data for advertising purposes, raising privacy concerns.






