{"id":349322,"date":"2025-10-06T07:55:00","date_gmt":"2025-10-06T14:55:00","guid":{"rendered":"https:\/\/cms-articles.softonic.io\/es\/?p=397992"},"modified":"2025-10-06T07:57:33","modified_gmt":"2025-10-06T14:57:33","slug":"this-is-cometjacking-a-new-way-to-steal-all-your-data","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/this-is-cometjacking-a-new-way-to-steal-all-your-data\/","title":{"rendered":"This is CometJacking: a new way to steal all your data"},"content":{"rendered":"\n<p>Cybersecurity researchers have revealed a new attack called CometJacking, aimed at Perplexity&#8217;s Comet browser. <strong>This attack is based on injecting malicious prompts into seemingly harmless links, allowing the theft of sensitive data from connected services like Gmail and Calendar<\/strong>. The threat is activated by clicking on a crafted link, which causes the browser to execute a hidden prompt, capturing personal information and sending it to a server controlled by the attacker.<\/p>\n\n\n<h2 class=\"wp-block-heading\">A very serious security problem<\/h2>\n\n\n<p>The investigation has highlighted how a single poisoned link can transform an AI browser, <strong>which is considered a trusted assistant, into an internal threat. Michelle Levy, head of security research at LayerX, stated that &#8220;it&#8217;s not just about stealing data; it&#8217;s about hijacking the agent that already has the keys&#8221;<\/strong>. This type of attack bypasses Perplexity&#8217;s data protection measures using simple obfuscation tricks like Base64 encoding.<\/p>\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"AI Browser Allows Data Theft\" width=\"840\" height=\"473\" src=\"https:\/\/www.youtube.com\/embed\/y2S1_DtrUWU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><\/figure>\n\n\n<p>The CometJacking attack operates in five steps: it is activated when a victim clicks on a malicious link, either in a phishing email or on a webpage. <strong>Instead of directing the user to the intended destination, the link instructs the Comet browser&#8217;s artificial intelligence to execute a hidden prompt that captures user data and sends it to an endpoint controlled by the attacker<\/strong>.<\/p>\n\n\n<p>Despite the fact that Perplexity has categorized the findings as having &#8220;no impact on security,&#8221; the situation highlights the inherent vulnerabilities of native artificial intelligence tools. <strong>Organizations must review and improve controls to detect and neutralize these malicious prompts, as attacks can escalate into widespread campaigns, turning browsers into checkpoints within corporate networks<\/strong>.<\/p>\n\n<div class=\"sc-card-program\">\r\n  <div class=\"sc-card-program__body\">\r\n    <div class=\"sc-card-program__row clearfix\">\r\n      <div class=\"sc-card-program__col-logo\">\r\n        <img decoding=\"async\" class=\"sc-card-program__img\" alt=\"Avast Free Antivirus\" src=\"https:\/\/images.sftcdn.net\/images\/t_app-icon-s\/p\/2d9f9134-96d0-11e6-bf8f-00163ec9f5fa\/1408299994\/avast-Avast_Symbol_V2_Positive_Orange_256x256.png\" width=\"100px\" height=\"100px\">\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-title\">\r\n        <span class=\"sc-card-program__title\">Avast Free Antivirus<\/span>\r\n        <a class=\"sc-card-program__button sc-card-program-internal\" href=\"https:\/\/avast.softonic.com\/\" target=\"_self\" rel=\"noopener noreferrer\">DOWNLOAD<\/a>\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-rating\">\r\n        <svg class=\"rating-score__content\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" version=\"1.1\" x=\"0\" y=\"0\" viewbox=\"0 0 50 50\" enable-background=\"new 0 0 50 50\" xml:space=\"preserve\"><path class=\"rating-score__background rating-score--good\" fill=\"none\" stroke-width=\"6\" stroke-miterlimit=\"10\" d=\"M40 40c8.3-8.3 8.3-21.7 0-30s-21.7-8.3-30 0 -8.3 21.7 0 30\"><\/path><path class=\"rating-score__value rating-score__value--0\" fill=\"none\" stroke-width=\"6\" stroke-dashoffset=\"0\" stroke-miterlimit=\"10\" d=\"M40 40c8.3-8.3 8.3-21.7 0-30s-21.7-8.3-30 0 -8.3 21.7 0 30\"><\/path><text class=\"rating-score__number\" content=\"\" text-anchor=\"middle\" transform=\"matrix(1 0 0 1 25 31.0837)\" data-auto=\"app-user-score\"><\/text><\/svg>\r\n      <\/div>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <span class=\"sc-card-program__description\"><\/span>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <img decoding=\"async\" class=\"sc-card-program__bigpic\" src=\"\" onerror=\"this.style.display='none'\">\r\n    <\/div>\r\n    <a class=\"sc-card-program__link track-link sc-card-program-internal\" href=\"https:\/\/avast.softonic.com\/\" target=\"_self\" rel=\"noopener noreferrer\"><\/a>\r\n  <\/div>\r\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers have revealed a new attack called CometJacking, targeting the Comet browser from Perplexity. This attack is based on the injection of malicious prompts within seemingly harmless links, allowing the theft of sensitive data from connected services like Gmail and Calendar. The threat is activated by clicking on a specially designed link, which causes the browser to execute a hidden prompt, capturing personal information and sending it to a server controlled by the attacker. A very serious security issue The research has highlighted how a single poisoned link can transform an AI browser, which is [&hellip;]<\/p>\n","protected":false},"author":9318,"featured_media":349323,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015,11143],"tags":[5605,3802,16880,1472,3854,13903,13511],"usertag":[],"vertical":[],"content-category":[6771,7176],"class_list":["post-349322","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-softwaresecurity","tag-ciberseguridad","tag-comet","tag-cometjacking","tag-hacking","tag-ia","tag-perplexity","tag-phising","content-category-ai","content-category-seguridad-privacidad"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/349322","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9318"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=349322"}],"version-history":[{"count":2,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/349322\/revisions"}],"predecessor-version":[{"id":349329,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/349322\/revisions\/349329"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/349323"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=349322"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=349322"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=349322"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=349322"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=349322"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=349322"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}