A new malvertising campaign is taking advantage of the popularity of Perplexity’s recently launched Comet browser, tricking users into downloading a malicious installer instead of the legitimate product.
The fraudulent ads appear at the top of Google search results under domains such as cometswift.com and cometlearn.net, each promoting what looks like a productivity browser linked to Perplexity.
When clicked, the ads redirect to perplexity.page, a fake landing page mimicking the official Comet browser website, complete with a download button that links to a malicious file hosted on GitHub.
The payload, named comet_latest.msi, is stored in a GitHub repository under the account "richardsuperman" and is believed to drop additional malware once executed. According to Jerome Segura, VP of Threat Research at DataDome, network telemetry indicates that the installer communicates with a command-and-control server hosted at icantseeyou.icu. VirusTotal scans link the activity to DarkGate, a malware family well known for stealing passwords.
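For defenders, the practical use of a report like this is turning the named infrastructure into a retrospective hunt over proxy or DNS logs. The script below is an added example, not code from the article or from DataDome: it takes the domains, GitHub account and installer name given above as indicators, matches hosts including their subdomains, and runs the check over a few constructed proxy log lines in a simplified "timestamp client method url status" format. The log format, the sample lines and the release-download URL path are assumptions made for illustration.

```python
"""Hunt for the indicators named in the Comet malvertising report in proxy logs.

Added example, not from the original article. Log format is a constructed,
simplified proxy log: "<timestamp> <client_ip> <method> <url> <status>".
"""
from urllib.parse import urlparse

# Domains named in the article: lure ad domains, fake landing page, C2 host
IOC_DOMAINS = {
    "cometswift.com": "malvertising lure domain",
    "cometlearn.net": "malvertising lure domain",
    "perplexity.page": "fake Comet landing page",
    "icantseeyou.icu": "DarkGate command-and-control host",
}
# Payload hosting details from the article
IOC_GITHUB_ACCOUNT = "richardsuperman"
IOC_FILENAME = "comet_latest.msi"
GITHUB_HOSTS = ("github.com", "raw.githubusercontent.com")


def domain_matches(host, ioc):
    """True if host equals the indicator or is a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == ioc or host.endswith("." + ioc)


def classify_url(url):
    """Return a list of (indicator, description) hits for one URL."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    hits = []
    for ioc, desc in IOC_DOMAINS.items():
        if domain_matches(host, ioc):
            hits.append((ioc, desc))
    # Only flag the GitHub account when the first path segment is the account
    if any(domain_matches(host, gh) for gh in GITHUB_HOSTS):
        segments = [s for s in parsed.path.split("/") if s]
        if segments and segments[0].lower() == IOC_GITHUB_ACCOUNT:
            hits.append((IOC_GITHUB_ACCOUNT, "GitHub account hosting the payload"))
    if parsed.path.lower().endswith(IOC_FILENAME):
        hits.append((IOC_FILENAME, "malicious installer file name"))
    return hits


def scan_log(lines):
    """Parse proxy log lines and return one alert dict per line with a hit."""
    alerts = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines rather than crash the hunt
        timestamp, client, _method, url, _status = fields[:5]
        hits = classify_url(url)
        if hits:
            alerts.append({"time": timestamp, "client": client, "url": url, "hits": hits})
    return alerts


# Constructed sample log lines (not real telemetry); the GitHub path is assumed
SAMPLE_LOG = [
    "2025-10-20T10:01:02Z 10.0.0.12 GET https://www.perplexity.ai/comet 200",
    "2025-10-20T10:01:09Z 10.0.0.12 GET https://cometswift.com/?ad=1 302",
    "2025-10-20T10:01:10Z 10.0.0.12 GET https://perplexity.page/download 200",
    "2025-10-20T10:01:15Z 10.0.0.12 GET https://github.com/richardsuperman/musical-engine/releases/download/v1/comet_latest.msi 200",
    "2025-10-20T10:03:40Z 10.0.0.12 POST https://api.icantseeyou.icu/beacon 200",
    "2025-10-20T10:04:00Z 10.0.0.33 GET https://example.com/ 200",
]

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["time"], alert["client"], alert["url"])
        for ioc, desc in alert["hits"]:
            print("    ", ioc, "-", desc)
```

Matching on the registered domain plus subdomains matters because the C2 host seen in telemetry may sit under a subdomain, while a plain substring match would also fire on unrelated names that merely contain the indicator. A single client that walks the whole chain (lure domain, landing page, GitHub download, then C2 beacon) within minutes is the pattern worth escalating.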
The ongoing campaign is another case of attackers abusing Google Ads and search results, where people search for something legitimate but end up on a fake website instead. In this instance, users searching for “Comet browser” are shown a deceptive ad placed above the real Perplexity link, leading them to download malware from a page that looks entirely genuine.
Segura, who shared the findings on LinkedIn, said his team has already reported the ad to Google. He noted that similar tactics are being used against other AI-driven browsers such as Arc, showing that attackers are quick to exploit trending software launches.
Analysis of the GitHub repository revealed Russian-language code comments, hinting at the developer’s origin or linguistic background. The repository, titled musical-engine, contains Windows Forms code and uploaded assets that match the malicious installer.
This whole episode shows how fast scammers move when something new and popular hits the web. They take advantage of the hype and of people’s trust in familiar platforms like Google Ads. The safest move is to skip the sponsored results and go straight to the official website whenever you need to download software.