Attackers Exploit Google Ads to Distribute DarkGate Malware via Fake Comet Browser Downloads

Attackers are leveraging Google Ads to distribute malware disguised as the official installer for Perplexity, a legitimate AI search tool. This campaign, monitored by DataDome, involves fake download links for Comet Browser, a legitimate browser. The malware distributed is associated with DarkGate, a known malware family with modular capabilities, including credential theft and additional payload delivery. The attack vector is concerning due to the trust users place in Google Ads. Users searching for Comet Browser or Perplexity may click on malicious ads, leading to the installation of DarkGate malware. This campaign highlights the ongoing challenge of malvertising, where even reputable ad networks can be exploited. Users should verify download links, even from trusted sources. From a cybersecurity perspective, endpoint protection and monitoring are crucial to detect and block malware like DarkGate. Cybersecurity firms like DataDome play a vital role in tracking and mitigating such threats. This campaign underscores the evolving tactics used by attackers to distribute malware by exploiting trusted platforms and impersonating legitimate software. Vigilance and robust security measures are essential to mitigate these threats.