Cybercriminals Abuse AI Website Creation App For Phishing
Key findings
Threat actors are increasingly using an AI website generation platform to create fraudulent websites for credential phishing and malware delivery.
Threat actors created or cloned websites that impersonated prominent brands, used CAPTCHA for filtering, and posted credentials to Telegram.
The barrier to entry for cybercriminals has never been lower.
Overview
We are often asked about the impact of AI on the threat landscape. While we have observed that large language model (LLM) generated emails or scripts have so far had little impact, some AI tools are lowering the barrier to entry for digital crime. Take, for example, services that can create websites in minutes with the help of AI.
Cybercriminals are increasingly using an AI-powered website builder called Lovable to create and host credential phishing, malware, and fraud websites. Proofpoint has observed numerous campaigns leveraging Lovable services to distribute multifactor authentication (MFA) phishing kits like Tycoon, malware such as cryptocurrency wallet drainers or malware loaders, and phishing kits targeting credit card and personal information.
Lovable is a user-friendly application and website builder that makes it easy for people to create and deploy their designs using natural language prompts. People can write down, in text, their idea for a website, and Lovable automatically creates it. The app also provides hosting for created sites under the domain lovable[.]app. The service is free to use for up to five prompts per day, but the prompts can be very long and advanced, so each prompt can be used to create a full website. The hosting on lovable[.]app is also free; however, sites created with a free account carry an “Edit with Lovable” badge, and other users can create their own sites based on other free sites without limitation. Only paying customers can remove the badge and make their projects private, and paying customers can also add custom domains while the sites are still hosted by Lovable.
While a useful tool for people with limited web design knowledge, Lovable is being exploited by cybercriminals to create websites distributed via phishing attacks. In April 2025, Lovable was highlighted by security firm Guardio as a very simple and effective platform for criminals to abuse. Indeed, earlier this year, Proofpoint researchers were able to easily create fake websites that impersonated prominent enterprise software and had the capability to steal credentials, and we encountered no guardrails or errors while creating our fake phishing website.
While this blog focuses on activity observed in email, Proofpoint researchers have also observed Lovable URLs abused in SMS data, including investment scams and banking credential phishing.
Proofpoint reported its findings to Lovable, who then matched them with a cluster of credential phishing previously discovered by Lovable’s Trust and Safety team, as well as novel malicious sites. One credential phishing cluster with hundreds of domains was taken down by Lovable the same week. The company said it has also recently implemented AI-driven security protections to attempt to prevent threat actors from developing websites that enable fraudulent activity. According to the company, in July 2025, Lovable introduced both real-time detections to prevent creation of malicious websites as users prompt the tool, and automated daily scanning of published projects to flag potentially fraudulent projects. Lovable said it also plans to release additional security protections pertaining to user accounts, to identify fraudulent activity and block malicious users proactively, as early as this fall.
Campaign details
Proofpoint has observed tens of thousands of Lovable URLs detected as threats each month in email data since February 2025. The following are examples of observed campaigns.
Tycoon phishing campaigns
In February 2025, Proofpoint identified a campaign leveraging file sharing themes to distribute credential phishing. The campaign included hundreds of thousands of messages and impacted over 5,000 organizations. The messages contained lovable[.]app URLs that directed recipients to a landing page presenting a math CAPTCHA which, if solved, redirected to a counterfeit Microsoft authentication page.
Credential phishing lure.
Phishing CAPTCHA.
Microsoft credential phishing landing page.
The page presented the Azure Active Directory (AAD) or Okta branding of the user’s organization and was designed to harvest user credentials and multifactor authentication (MFA) tokens and to retrieve associated session cookies. This was achieved through the Adversary-in-the-Middle (AiTM) technique, utilizing synchronous relay capabilities provided by the Tycoon Phishing-as-a-Service (PhaaS) platform.
Proofpoint observed additional Tycoon credential phishing campaigns distributed via Lovable URLs with similar domain patterns, including one in June 2025 that masqueraded as the target organizations’ human resources departments, with emails relating to employee benefits.
Email impersonating HR, distributing Tycoon credential phishing.
These campaigns included a similar attack chain, with Lovable URLs leading to a CAPTCHA that, when solved, redirected to a Microsoft-branded credential phishing website.
Payment and personal data theft
Shipping and logistics notifications are common themes used by scammers to steal personal and financial data, and Proofpoint has observed AI generated websites designed for this purpose. In June 2025, our researchers observed a campaign impersonating UPS, which included nearly 3,500 messages conducting payment and personal data harvesting.
Lure impersonating UPS.
These messages were sent via Zoho Forms and contained URLs or HTML attachments with URLs, all hosted via lovable[.]app. The messages either contained the URL leading to the landing page directly, or to a redirector, also using Lovable, that redirected to the landing page.
Fake UPS website.
The website impersonated UPS, which included functionality to collect personal information and credit card details, including SMS code harvesting. It then posted the stolen details to a Telegram channel. This malicious website is based on the “ups-flow-harvester” project on Lovable.
The “ups-flow-harvester” project used by the actor (emphasis ours).
Like other apps created with a free account, the “ups-flow-harvester” app (the name of the template used) was publicly “remixable” on Lovable, which means that anyone could easily change the layout and Telegram details to launch new campaigns with other branding, just using a chat prompt. As noted, all sites created with a free account can be repurposed, which means that even legitimate sites can easily be remixed and weaponized with just a prompt. Proofpoint reported this application to Lovable, and it was removed. With Lovable’s new policies, threat actors should not be able to create such phishing sites as easily.
In addition to credit card theft, Proofpoint researchers have observed websites impersonating banks to steal credentials using branding aligning with the impersonated companies. In most cases, the websites will use a Lovable app for redirects leveraging CAPTCHAs that can be easily created with chat prompts.
Example CAPTCHA that redirects to banking credential phishing website.
In this case, the URL redirected to an MFA phishing kit currently under investigation by researchers.
Crypto wallet drainer
Proofpoint researchers have observed malware delivered via Lovable app, including campaigns focused on draining cryptocurrency wallets. In fact, many of the suspicious websites observed by Proofpoint appear to be related to cryptocurrency and related companies. In one campaign observed in June 2025, threat actors masqueraded as the decentralized finance (DeFi) platform Aave.
Aave phishing lure.
In this campaign, which included nearly 10,000 messages, emails were sent via SendGrid and contained SendGrid URLs. The URLs redirected to an app created using the Lovable AI platform, which impersonated Aave.
Website redirect impersonating Aave built with Lovable.
The web app then redirected to another website impersonating the Aave platform, which included functionality to connect a cryptocurrency wallet. The likely goal was to steal assets from any wallet that is connected.
Malicious website likely designed to drain crypto wallets.
While investigating the Lovable platform and sites built with this tool, Proofpoint identified multiple suspicious websites impersonating popular cryptocurrency brands and DeFi platforms that appeared to be designed to steal credit card details.
Malware delivery
At the end of July 2025, researchers identified a German language campaign impersonating a German software company.
These messages contained either HTML attachments that redirected to Cookie Reloaded URLs, or Cookie Reloaded URLs directly in the message. Cookie Reloaded is a PHP URL redirect service used by multiple actors to filter and track payload downloads.
In the campaign, Cookie Reloaded URLs redirected to an AI-generated Lovable web app that pretended to be a secure download site.
Fake website pretending to be an invoice download.
If the target clicked the download button, a popup opened that provided the password “RE2025” and another download button that led to the download of a RAR file, “DE0019902001000RE.rar”, hosted on Dropbox. The RAR file contained the executable “Rechnung DE009100019000.exe”, which was a renamed legitimate and signed file from Ace Stream, as well as its dependencies. When the .exe was executed, it sideloaded the included PYTHON27.DLL, which had been trojanized with DOILoader to run the encrypted payload in Vos.xwtx, which ultimately ran zgRAT.
Proofpoint identified subsequent campaigns in English, targeting different organizations but leveraging the same techniques.
Further investigation
In June of 2025, Proofpoint researchers observed the landing pages being used as redirectors to malicious sites. However, when we discovered that the credit card credential harvester was sending both card data and personal information directly to Telegram from within the app itself, we began to investigate what safeguards were in place.
Using just one or two prompts, Proofpoint threat researchers were able to create fully functional phishing sites — including backend logic — as well as a working ClickFix project. The service also provided “feedback” and added its own clearly deceptive language to encourage more interaction from visitors.
When it comes to both the malicious code and the manipulative language being used, some AI services will sometimes refuse to analyze it. For example, when we asked ChatGPT about a similar project, the response was:
“Creating and deploying a website like the one you described would violate OpenAI’s usage policies and most likely also violate laws related to social engineering, phishing, and malware distribution in many jurisdictions.”
This response shows a recognition of how a service can be abused to enable malicious behavior, including facilitating cyberattacks, when it lacks appropriate guardrails. According to Lovable, their security updates will cut back on this type of abuse.
Conclusion
Some AI tools can significantly lower the barrier to entry for cybercriminals, especially those focused on creating social engineering content to appeal to the end user. Historically, it would take time and knowledge about website development to create believable landing pages. While it has always been possible to clone the HTML and CSS of existing websites, typically creating something new to either impersonate a known brand or masquerade as a legitimate business took time and effort from the adversary. With automatic web creation tools, threat actors can spend more time on the attack chain and tooling capabilities and incorporate AI generated social engineering into their toolkit. Creators of such tools should be mindful of opportunities for abuse and implement safeguards to prevent exploitation. These apps are used by legitimate people, but organizations should consider implementing allow-listing policies around frequently abused tools and software.
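As an added illustration of the allow-listing recommendation above (example code written for this page, not Proofpoint's or Lovable's), the sketch below triages URLs found in a message body and its HTML attachments and applies a default-deny policy to hostnames under lovable[.]app. The allow-list entry, the lure token set, and the verdict names are assumptions chosen for the example; the sample hostnames come from the indicators listed in this article.

```python
import re
from urllib.parse import urlsplit

PLATFORM_SUFFIX = ".lovable.app"  # hosting domain named in the article
ALLOWED_HOSTS = {"intranet-handbook.lovable.app"}  # hypothetical sanctioned project
# Assumption: lure tokens chosen from the themes and indicators in the article.
LURE_TOKENS = {"captcha", "redirect", "invoice", "reward", "office", "ups", "aave"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def refang(text):
    """Undo common defanging (hxxp, [.]) so URLs parse normally."""
    return re.sub(r"hxxp", "http", text, flags=re.IGNORECASE).replace("[.]", ".")


def extract_hosts(text):
    """Return the lowercase hostname of every URL found in text."""
    hosts = []
    for url in URL_RE.findall(refang(text)):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed authority, e.g. unbalanced brackets
            continue
        if host:
            hosts.append(host.lower().strip(".,);"))
    return hosts


def triage(body, attachments=()):
    """Map each platform-hosted hostname in a message to allow/block/quarantine."""
    verdicts = {}
    for part in (body, *attachments):
        for host in extract_hosts(part):
            if not host.endswith(PLATFORM_SUFFIX):
                continue  # other domains are outside this policy
            tokens = set(re.split(r"[-.]", host[: -len(PLATFORM_SUFFIX)]))
            if host in ALLOWED_HOSTS:
                verdicts[host] = "allow"
            elif tokens & LURE_TOKENS:
                verdicts[host] = "block"  # unsanctioned and lure-themed
            else:
                verdicts[host] = "quarantine"  # unsanctioned: hold for review
    return verdicts


# Constructed sample: a message body and an HTML attachment (URLs defanged).
SAMPLE_BODY = "Track your parcel: hxxps://app-54124296d32502[.]lovable[.]app/"
SAMPLE_HTML = '<a href="hxxps://ups-flow-harvester[.]lovable[.]app/">Pay</a>'

if __name__ == "__main__":
    print(triage(SAMPLE_BODY, [SAMPLE_HTML]))
```

Suffix matching only covers sites on the platform's own domain; projects published under a paying customer's custom domain, and redirectors hosted elsewhere in the chain, need separate coverage.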
Proofpoint would like to thank Lovable for their quick response to our inquiries and sharing information about updated security safeguards.
Example indicators of compromise
| Indicator | Description | First Seen |
|---|---|---|
| hxxps://ups-flow-harvester[.]lovable[.]app/ | UPS Impersonation Landing Page | 15 June 2025 |
| hxxps://app-54124296d32502[.]lovable[.]app/ | UPS Impersonation Redirector | 15 June 2025 |
| hxxps://captcha-office-redirect[.]lovable[.]app/ | Microsoft Impersonation Phishing URL | 17 June 2025 |
| hxxps://33eq8[.]oquvzop[.]es/CFTvqhHpUgs@x/ | Tycoon Redirect | 17 June 2025 |
| hxxps://aave-reward-notification[.]lovable[.]app/ | Aave Impersonation SendGrid Redirect | 17 June 2025 |
| hxxps://reward-aave[.]us/web3/ | Aave Impersonation Landing Page | 17 June 2025 |
| hxxp://lexware-invoice-deutsch-popup[.]lovable[.]app/ | Cookie Reloaded Redirect target | 22 July 2025 |
| hxxp://www[.]dropbox[.]com/scl/fi/i6n7wcxpfi366wn46qngu/DE0019902001000RE.rar?rlkey=ec07od5o0p41q02cq7e3kp5iq&st=7k1wp1ao&dl=1 | Download URL from Lovable | 22 July 2025 |
| 84[.]32[.]41[.]163:7705 | zgRAT C2 | 22 July 2025 |