Malicious Perplexity Comet Browser Download Ads Push Malware Via Google

Attackers are exploiting Google Ads with fake Comet Browser download links to spread malware disguised as Perplexity’s official installer. The campaign, tracked by DataDome, has ties to DarkGate.

A new malvertising campaign is taking advantage of the popularity of Perplexity’s recently released Comet browser, tricking users into downloading a malicious installer instead of the legitimate product.

The fraudulent ads appear at the top of Google search results under domains such as cometswift.com and cometlearn.net, both promoting what looks like a productivity browser linked to Perplexity.

When clicked, the ads redirect to perplexity.page, a fake landing page mimicking the official Comet browser site, complete with a download button that links to a malicious file hosted on GitHub.

The payload, named comet_latest.msi, is stored in a GitHub repository under the account "richardsuperman" and is believed to drop additional malware once executed. According to Jérôme Segura, VP of Threat Research at DataDome, network telemetry indicates that the installer communicates with a command-and-control server hosted at icantseeyou.icu. VirusTotal scans link the activity to DarkGate, a malware family well known for stealing passwords.

Malicious websites, malware installers and fake download tab (Image via Jérôme Segura on LinkedIn)

The ongoing campaign is another case of attackers abusing Google Ads and search results, where people look for something legitimate but end up on a fake site instead. In this instance, users searching for “Comet browser” are shown a deceptive ad placed above the real Perplexity link, leading them to download malware from a page that looks completely authentic.
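For defenders who want to check whether any host followed this chain, the sketch below triages web proxy logs against the indicators named above. It is an added example, not code from DataDome or the original report; the log format, the GitHub download hostnames and the sample lines are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Indicators named in the article, keyed by domain, valued by chain stage.
INDICATORS = {
    "cometswift.com": "ad", "cometlearn.net": "ad",
    "perplexity.page": "landing", "icantseeyou.icu": "c2",
}
PAYLOAD_NAME = "comet_latest.msi"
# Assumption: GitHub download hosts; the article only says "hosted on GitHub".
PAYLOAD_HOSTS = ("github.com", "githubusercontent.com")

def under(host, domain):
    """Exact or subdomain match, so lookalikes like notcometswift.com miss."""
    return host == domain or host.endswith("." + domain)

def classify(url):
    """Map a URL to a chain stage, or None if it matches no indicator."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    for domain, stage in INDICATORS.items():
        if under(host, domain):
            return stage
    on_github = any(under(host, h) for h in PAYLOAD_HOSTS)
    if on_github and parts.path.lower().endswith("/" + PAYLOAD_NAME):
        return "payload"
    return None

def triage(log_lines):
    """Return {client: (verdict, stages in order seen)} for clients in the chain."""
    seen = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) >= 3 and (stage := classify(fields[2])):
            seen.setdefault(fields[1], []).append(stage)
    report = {}
    for client, stages in seen.items():
        verdict = ("likely-compromised" if "c2" in stages else
                   "payload-downloaded" if "payload" in stages else "exposed")
        report[client] = (verdict, stages)
    return report

# Constructed sample: hypothetical "timestamp client url" proxy log format.
SAMPLE_LOG = [
    "2025-01-01T10:00:01Z 10.0.0.5 https://cometswift.com/?src=ad",
    "2025-01-01T10:00:03Z 10.0.0.5 https://perplexity.page/",
    "2025-01-01T10:00:20Z 10.0.0.5 https://github.com/ACCOUNT/REPO/raw/main/comet_latest.msi",
    "2025-01-01T10:02:11Z 10.0.0.5 https://icantseeyou.icu/",
    "2025-01-01T10:05:00Z 10.0.0.9 https://notcometswift.com/",
]
print(triage(SAMPLE_LOG))
```

A client that only reached the ad or landing stage was exposed to the lure; one that also contacted the command-and-control domain should be treated as a likely infection and handed to incident response.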

Segura, who shared the findings on LinkedIn, said his team has already reported the ad to Google. He noted that similar tactics are being used against other AI-driven browsers such as Arc, showing that attackers are quick to exploit trending software launches.

Analysis of the GitHub repository revealed Russian-language code comments, hinting at the developer’s origin or linguistic background. The repository, titled musical-engine, contains Windows Forms code and uploaded assets that match the malicious installer.

Image via Jérôme Segura on LinkedIn

This whole episode shows how fast scammers move when something new and popular hits the web. They exploit both the product's popularity and people’s trust in familiar platforms like Google Ads. The safest move is to skip the sponsored results and go straight to the official website whenever you need to download software.

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in the cybersecurity and tech world. I am also into gaming, reading and investigative journalism.