Threat Research Report: Malicious Activity Surrounding Perplexity’s Comet Browser Launch
嗯,用户让我总结一下这篇文章的内容,控制在一百个字以内。首先,我需要仔细阅读文章,抓住主要信息。文章是关于Perplexity的Comet浏览器发布后出现的恶意活动报告。 文章提到PreCrime Labs和BforeAI在2025年10月发布的报告,分析了围绕Comet浏览器的欺诈活动。主要发现包括13个可疑域名、2个关键级别的移动应用威胁,以及多个攻击向量如假下载、恶意广告和品牌仿冒。 接下来,我需要将这些信息浓缩到100字以内,同时保持内容的准确性和完整性。要避免使用“这篇文章”或“内容总结”这样的开头,直接描述文章内容。 可能的结构是:报告名称、发布机构和时间、主要内容(欺诈活动)、关键发现(域名和应用威胁)、攻击方式(假下载、广告等)。这样就能在有限字数内涵盖所有要点。 最后,检查语言是否简洁明了,确保没有遗漏重要信息。这样用户就能快速了解文章的核心内容。 </think> PreCrime Labs和BforeAI发布的2025年10月报告指出,围绕Perplexity的Comet AI浏览器发布,出现了多起恶意活动。这些活动包括13个可疑域名、2个关键级别移动应用威胁以及假下载、恶意广告和品牌仿冒等攻击方式。 2025-10-23 11:4:20 Author: bfore.ai(查看原文) 阅读量:11 收藏

Threat Research Report: Malicious Activity Surrounding Perplexity’s Comet Browser Launch

Threat Research Report Malicious Activity Surrounding Perplexity's Comet Browser Launch

Executive Summary: Malicious Activity Surrounding Perplexity's Comet Browser Launch

Date: October 2025
Author: PreCrime Labs, BforeAI

This report documents a comprehensive investigation into fraudulent and malicious activities targeting users seeking to download Perplexity’s Comet AI browser. The analysis reveals a coordinated campaign of domain squatting, fraudulent mobile applications, and deceptive advertising designed to capitalize on the legitimate Comet browser launch in July 2025.

Key Findings:

  • 13 suspicious domains investigated with varying threat levels
  • 2 critical-level mobile app threats identified on Google Play Store
  • 8 domains registered in 2025 following Comet’s launch timeline
  • Multiple attack vectors including fake downloads, malvertising, and brand impersonation observed on search engines.
Figure 1 Fake download sites appearing on search engines targeting Comet Browser by Perplexity
Figure 1: Fake download sites appearing on search engines targeting Comet Browser by Perplexity

Investigation Overview: Perplexity Comet Browser Threats

The investigation examined over 40 suspicious domains and URLs, focusing on:

  • Domain registration patterns and WHOIS data analysis
  • Mobile application store impersonation attempts
  • Fraudulent advertising and download sites
  • TLD and registrar trend analysis
  • July 2025: Perplexity officially launches Comet browser for Perplexity Max subscribers ($200/month).
  • August-October 2025: Surge in fraudulent domain registrations and fake applications.
  • October 2025: Comet browser made free to all users globally.

1. Direct Brand Impersonation

perplexitycomet-ai.com​ (No active content present)

  • Registration: August 30, 2025
  • Registrar: Name SRS AB (Sweden)
  • Status: Connection timeout (Cloudflare Error 522)
  • Evidence: Direct trademark infringement, privacy-protected registration, server issues suggesting takedown

aicometbrowser.com​ (No active content present)

  • Registration: October 3, 2025 (12 days ago)
  • Registrar: NameCheap, Inc.
  • Evidence: Recent registration, Bodis domain parking, deceptive user interface


Different domains were observed promoting Comet Browser’s executable version from third party downloadable websites.

Figure 2 Third party stores prompting for downloading of Comet browser packed as an executable
Figure 2: Third party stores prompting for downloading of Comet browser packed as an executable

2. Mobile Application Threats

“Comet AI Atlas App Info” (Google Play Store)​

  • Package ID: com.atlasaicomet.webguide
  • Developer: BPSK
  • Developer Email:
    [email protected]
  • Evidence:
    • Direct impersonation of Comet browser
    • Developer creates numerous low-quality wallpaper apps
    • Fraudulent use of “Comet AI” and “Atlas” branding
    • Listed in lifestyle category rather than browsers

Perplexity CEO Warning​: Recent public warning from Perplexity CEO Aravind Srinivas on October 14, 2025: “The Comet app currently on iOS App Store is fake and spam and not from Perplexity.”

Domain Registration Analysis

Registration Timeline Patterns

All suspicious domains were registered after Comet’s official launch in July 2025:

Domain Registrar Created Comments (predictions)
h1bpay.info Namecheap Inc. 2025-08-03 Payment bait, fake processing
touristvisausa.com Namecheap Inc. 2025-09-17 Fake tourist visa support
h1baware.com/h1beware.com GoDaddy.com, LLC 2025-09-19 Fear-mongering, urgency scams
h1blocked.com Namecheap Inc. 2025-09-20 Claims to protect applicants
h1bsupport.com GoDaddy.com, LLC 2025-09-20 Fake help/support
h1brides.com Cloudflare, Inc. 2025-09-21 Social engineering angle
globalvisabusiness.com GoDaddy.com, LLC 2025-09-17 Legitimate lookalike
trumpplatinumvisa.com GoDaddy.com, LLC 2025-09-22 Politically motivated scam bait

TLD Distribution Analysis

  • .com domains: 5 (38.5%) – Most targeted for commercial impersonation
  • .net domains: 2 (15.4%) – Alternative commercial extensions
  • Country-specific TLDs: .ru (Russian) – 1 domain with connection issues
  • New gTLDs: .online, .site, .app, .ai – 4 domains targeting tech-savvy users

TLD Distribution Analysis

  • GoDaddy.com, LLC: 2 domains (including one parked for $9,999)​
  • Privacy Protection Services: Multiple domains using WHOIS privacy
  • International Registrars: REG.RU (Russia), Name SRS AB (Sweden)
  • Budget Registrars: NameCheap, Hostinger – popular for quick domain acquisition

As a part of this research, we have observed notable use of privacy protection services, and all the domains were recently registered, that is, from 2025. Many domains made use of international registrars for obfuscation.

Figure 3 Top 5 Registrars by Domain Count
Figure 3: Top 5 Registrars by Domain Count

Attack Vectors Identified

1. Domain Squatting and Parking

  • cometai.net: Parked for $9,999 on GoDaddy​
  • cometaibrowser.com: Privacy-protected parking on Afternic​
  • cometbrowser.net: Hostinger parking page​

2. Search Engine Optimization (SEO) Poisoning

Multiple domains targeting keyword variations:

  • “comet ai browser”
  • “comet browser download”
  • “perplexity comet”
  • “ai comet browser”

3. Mobile App Store Impersonation

  • Fraudulent apps on Google Play Store
  • Use of similar naming conventions
  • Targeting users searching for “Comet browser”

4. Malvertising and Fake Downloads

Research has documented :​

  • Fake Google ads promoting fraudulent Comet downloads
  • Malicious websites mimicking official download pages
  • Social media advertising directing to fake sites

Security Research Context

Known Vulnerabilities in Legitimate Comet Browser

Multiple security researchers have identified vulnerabilities in the actual Comet browser:

  1. “Scamlexity” Attack (Guardio Labs, August 2025)​
    1. Comet tricked into completing fraudulent purchases
    2. Auto-filled credit card details on fake e-commerce sites
    3. Fell for phishing emails and submitted credentials
  2. “CometJacking” Attack (LayerX Security, October 2025)​
    1. Malicious URLs can hijack browser AI
    2. Exfiltration of emails, calendar data, and user memory
    3. Base64 encoding bypasses security protections
  3. Prompt Injection Vulnerabilities (Brave Research, August 2025)​
    1. AI agent can be manipulated by malicious webpage content
    2. Cross-domain data access risks
    3. Insufficient separation between user commands and webpage content

Indicators of Compromise (IOCs)

All the suspicious domains identified during the research can be accessed here.

All the suspicious domains identified during the research can be accessed here.

  1. Only download Comet browser from official Perplexity channels
  2. Verify URLs carefully – Official browser is accessible through perplexity.ai
  3. Avoid clicking on ads claiming to offer “Comet browser download”
  4. Report suspicious apps to app store providers
  5. Enable ad blockers and use reputable antivirus software
  1. Block suspicious domains identified in this report
  2. Implement DNS filtering for known malicious registrars
  3. Monitor for additional domain registrations using similar naming patterns
  4. Educate employees about AI browser security risks
  1. Pursue takedown enforcement against direct impersonators
  2. Enforce PreEmptive monitoring to prevent squatting
  3. Work with app stores to remove fraudulent applications
  4. Continue security hardening based on researcher findings

The investigation reveals a sophisticated campaign targeting users interested in Perplexity’s Comet AI browser. Threat actors are using multiple attack vectors including domain squatting, mobile app impersonation, and malvertising to capitalize on the browser’s popularity.

The timing of domain registrations closely follows Comet’s launch timeline, indicating opportunistic cybercriminals monitoring for emerging technology trends. The use of international registrars, privacy protection services, and parking pages suggests coordination among threat actors.

Most concerning is the direct trademark infringement seen in domains like “perplexitycomet-ai.com” and mobile applications using the “Comet AI” branding. These represent clear attempts to deceive users into believing they are accessing official Perplexity services.

Organizations and individuals should remain vigilant when downloading new browser technology and verify authenticity through official channels only.

Explore our latest PreCrime™ Labs report:

Suspicious Domain Activity in Lead up to 2026 FIFA World Cup Tournament

Phishing Campaign Imitating U.S. Department of Education G5

Ready to see BforeAI in action?
Get a personalized demo

Talk to one of our experts and deploy in minutes.
No implementation needed. Works right out of the box!


文章来源: https://bfore.ai/report/malicious-activity-surrounding-perplexity-comet-browser-launch-threat-research/
如有侵权请联系:admin#unsafe.sh