Executive Summary: Malicious Activity Surrounding Perplexity's Comet Browser Launch
Date: October 2025
Author: PreCrime Labs, BforeAI
This report documents a comprehensive investigation into fraudulent and malicious activities targeting users seeking to download Perplexity’s Comet AI browser. The analysis reveals a coordinated campaign of domain squatting, fraudulent mobile applications, and deceptive advertising designed to capitalize on the legitimate Comet browser launch in July 2025.
Key Findings:
- 13 suspicious domains investigated with varying threat levels
- 2 critical-level mobile app threats identified on Google Play Store
- 8 domains registered in 2025 following Comet’s launch timeline
- Multiple attack vectors including fake downloads, malvertising, and brand impersonation observed on search engines.
Investigation Overview: Perplexity Comet Browser Threats
Scope of Investigation
The investigation examined over 40 suspicious domains and URLs, focusing on:
- Domain registration patterns and WHOIS data analysis
- Mobile application store impersonation attempts
- Fraudulent advertising and download sites
- TLD and registrar trend analysis
Contextual Timeline
- July 2025: Perplexity officially launches Comet browser for Perplexity Max subscribers ($200/month).
- August-October 2025: Surge in fraudulent domain registrations and fake applications.
- October 2025: Comet browser made free to all users globally.
Critical Findings
1. Direct Brand Impersonation
perplexitycomet-ai.com (No active content present)
- Registration: August 30, 2025
- Registrar: Name SRS AB (Sweden)
- Status: Connection timeout (Cloudflare Error 522)
- Evidence: Direct trademark infringement, privacy-protected registration, server issues suggesting takedown
aicometbrowser.com (No active content present)
- Registration: October 3, 2025 (12 days ago)
- Registrar: NameCheap, Inc.
- Evidence: Recent registration, Bodis domain parking, deceptive user interface
Different domains were observed promoting Comet Browser’s executable version from third party downloadable websites.
2. Mobile Application Threats
“Comet AI Atlas App Info” (Google Play Store)
- Package ID: com.atlasaicomet.webguide
- Developer: BPSK
- Developer Email:
[email protected] - Evidence:
- Direct impersonation of Comet browser
- Developer creates numerous low-quality wallpaper apps
- Fraudulent use of “Comet AI” and “Atlas” branding
- Listed in lifestyle category rather than browsers
Perplexity CEO Warning: Recent public warning from Perplexity CEO Aravind Srinivas on October 14, 2025: “The Comet app currently on iOS App Store is fake and spam and not from Perplexity.”
Domain Registration Analysis
Registration Timeline Patterns
All suspicious domains were registered after Comet’s official launch in July 2025:
| Domain | Registration Date | Registrar | Threat Level |
|---|---|---|---|
| cometai.net | 2025-04-04 | GoDaddy.com, LLC | Medium |
| cometai.app | 2025-05-12 | GoDaddy.com, LLC | Low |
| cometailab.com | 2025-05-13 | Squarespace Domains LLC | Low |
| cometai.site | 2025-07-05 | REG.RU, LLC | High |
| cometaibrowser.com | 2025-07-11 | Dynadot Inc | High |
| perplexitycomet-ai.com | 2025-08-30 | Name SRS AB | Critical |
| cometbrowser.net | 2025-09-25 | HOSTINGER operations, UAB | High |
| aicometbrowser.com | 2025-10-03 | NameCheap, Inc. | Critical |
TLD Distribution Analysis
- .com domains: 5 (38.5%) – Most targeted for commercial impersonation
- .net domains: 2 (15.4%) – Alternative commercial extensions
- Country-specific TLDs: .ru (Russian) – 1 domain with connection issues
- New gTLDs: .online, .site, .app, .ai – 4 domains targeting tech-savvy users
TLD Distribution Analysis
- GoDaddy.com, LLC: 2 domains (including one parked for $9,999)
- Privacy Protection Services: Multiple domains using WHOIS privacy
- International Registrars: REG.RU (Russia), Name SRS AB (Sweden)
- Budget Registrars: NameCheap, Hostinger – popular for quick domain acquisition
As a part of this research, we have observed notable use of privacy protection services, and all the domains were recently registered, that is, from 2025. Many domains made use of international registrars for obfuscation.
Attack Vectors Identified
1. Domain Squatting and Parking
- cometai.net: Parked for $9,999 on GoDaddy
- cometaibrowser.com: Privacy-protected parking on Afternic
- cometbrowser.net: Hostinger parking page
2. Search Engine Optimization (SEO) Poisoning
Multiple domains targeting keyword variations:
- “comet ai browser”
- “comet browser download”
- “perplexity comet”
- “ai comet browser”
3. Mobile App Store Impersonation
- Fraudulent apps on Google Play Store
- Use of similar naming conventions
- Targeting users searching for “Comet browser”
4. Malvertising and Fake Downloads
Research has documented :
- Fake Google ads promoting fraudulent Comet downloads
- Malicious websites mimicking official download pages
- Social media advertising directing to fake sites
Security Research Context
Known Vulnerabilities in Legitimate Comet Browser
Multiple security researchers have identified vulnerabilities in the actual Comet browser:
- “Scamlexity” Attack (Guardio Labs, August 2025)
- Comet tricked into completing fraudulent purchases
- Auto-filled credit card details on fake e-commerce sites
- Fell for phishing emails and submitted credentials
- “CometJacking” Attack (LayerX Security, October 2025)
- Malicious URLs can hijack browser AI
- Exfiltration of emails, calendar data, and user memory
- Base64 encoding bypasses security protections
- Prompt Injection Vulnerabilities (Brave Research, August 2025)
- AI agent can be manipulated by malicious webpage content
- Cross-domain data access risks
- Insufficient separation between user commands and webpage content
Indicators of Compromise (IOCs)
All the suspicious domains identified during the research can be accessed here.
Recommendations
For Users
- Only download Comet browser from official Perplexity channels
- Verify URLs carefully – Official browser is accessible through perplexity.ai
- Avoid clicking on ads claiming to offer “Comet browser download”
- Report suspicious apps to app store providers
- Enable ad blockers and use reputable antivirus software
For Organizations
- Block suspicious domains identified in this report
- Implement DNS filtering for known malicious registrars
- Monitor for additional domain registrations using similar naming patterns
- Educate employees about AI browser security risks
For Perplexity
- Pursue takedown enforcement against direct impersonators
- Enforce PreEmptive monitoring to prevent squatting
- Work with app stores to remove fraudulent applications
- Continue security hardening based on researcher findings
Conclusion
The investigation reveals a sophisticated campaign targeting users interested in Perplexity’s Comet AI browser. Threat actors are using multiple attack vectors including domain squatting, mobile app impersonation, and malvertising to capitalize on the browser’s popularity.
The timing of domain registrations closely follows Comet’s launch timeline, indicating opportunistic cybercriminals monitoring for emerging technology trends. The use of international registrars, privacy protection services, and parking pages suggests coordination among threat actors.
Most concerning is the direct trademark infringement seen in domains like “perplexitycomet-ai.com” and mobile applications using the “Comet AI” branding. These represent clear attempts to deceive users into believing they are accessing official Perplexity services.
Organizations and individuals should remain vigilant when downloading new browser technology and verify authenticity through official channels only.
Explore our latest PreCrime™ Labs report:
Suspicious Domain Activity in Lead up to 2026 FIFA World Cup Tournament
Phishing Campaign Imitating U.S. Department of Education G5
Your move → Share with your peers!
