Cybercriminals are increasingly leveraging AI-driven website builders, particularly the Lovable platform, to launch sophisticated phishing campaigns and malware distribution networks, according to research by Proofpoint. With its user-friendly interface allowing users to create websites via simple text prompts, Lovable has become a haven for threat actors. This accessibility enables the rapid production of professional-looking phishing sites, undermining security efforts.
Major attacks documented by Proofpoint included a credential phishing operation in February 2025 that affected over 5,000 organizations, utilizing file-sharing themes and counterfeit authentication pages. Additional operations targeted personal information and financial data through impersonation campaigns, including a UPS fraud initiative and cryptocurrency scams aimed at draining wallets.
In response to these threats, Lovable has begun implementing real-time detection and automated scanning for malicious content while organizations are advised to adopt allow-listing policies for frequently abused platforms. The findings underscore the urgent need for enhanced security measures against AI tool exploitation in cybercrime.
Source link
