Cybercriminals Abuse AI Website Creation App For Phishing
Essential information
- Published
- 21/08/2025 00:37
- Modified
- 21/08/2025 12:24
- Tags
- 2025-08-21 ai-generated websites credential-theft cryptocurrency doiloader lovable platform malware delivery phishing tycoon zgrat
- Related entities
- 2 techniques (mitre), 3 malware, 3 others
Description
Cybercriminals are exploiting an AI-powered website creation platform called Lovable to generate fraudulent websites for credential phishing and malware delivery. The threat actors create or clone sites impersonating well-known brands, use CAPTCHA for filtering, and post stolen credentials to Telegram. Campaigns observed include Tycoon phishing, payment and personal data theft, cryptocurrency wallet draining, and malware distribution. The ease of use of such AI tools significantly lowers the barrier to entry for cybercriminals, allowing them to quickly create convincing phishing pages. While Lovable has implemented new security measures, organizations are advised to consider allow-listing policies for frequently abused tools.