Top AI website builder Lovable hit in worrying cyberattack - here's what we know
Date:
Thu, 21 Aug 2025 11:28:00 +0000
Description:
Crooks are abusing Lovable to generate convincing phishing sites, or deliver dangerous malware.
FULL STORY ======================================================================Hackers are using AI-powered website builders to quickly craft phishing sites Thousands of organizations have already been targeted Lovable is introduction different protections to combat the threat
Lovable, a popular AI website builder which allows users to craft quality websites by talking to the platform, is being heavily abused in different cybercriminal activities, experts have warned.
Security researchers at Proofpoint have revealed how, since February 2025, they have seen tens of thousands of Lovable URLs used in malicious campaigns, being distributed through phishing emails.
Cybercriminals are increasingly using an AI-generated website builder called Lovable to create and host credential phishing, malware, and fraud websites, Proofpoint said in its report. Lovable strikes back
The company added it has observed, "numerous campaigns leveraging Lovable services to distribute multifactor authentication (MFA) phishing kits like Tycoon, malware such as cryptocurrency wallet drainers or malware loaders,
and phishing kits targeting credit card and personal information.
Ever since the emergence of the first ChatGPT version, security researchers have been warning about AI tools lowering the barrier for entry into cybercrime.
At first, threat actors used Generative AI to craft convincing phishing emails, or write malware code quickly and efficiently. However, since website builders started integrating AI as well, criminals found a new toy to play with.
In February 2025 alone, Proofpoint claims to have seen a campaign leveraging file sharing themes to distribute credential phishing, which included
hundreds of thousands of messages and impacted more than 5,000 organizations.
Fortunately, Lovable isnt sitting with its hands crossed. One credential phishing cluster with hundreds of domains was taken down by Lovable the same week it was reported.
The company also told Proofpoint it recently implemented AI-driven security protections to make building phishing sites impossible, including real-time detections to prevent creation of malicious websites as users prompt the
tool, and automated daily scanning of published projects to flag potentially fraudulent projects. You might also like I tested 10 free AI website
builders. Here's what I found Take a look at our guide to the best authenticator app We've rounded up the best password managers
======================================================================
Link to news story:
https://www.techradar.com/pro/security/top-ai-website-builder-lovable-hit-in-w orrying-cyberattack-heres-what-we-know
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)