Cybercriminals are abusing the Lovable AI website builder to create fraudulent sites for credential phishing, MFA/AiTM attacks, crypto wallet drainers, and malware delivery, often using CAPTCHA filters and posting stolen data to Telegram. Proofpoint observed tens of thousands of Lovable URLs in email campaigns (Feb–Jul 2025) and reported findings to Lovable, which implemented real-time and daily AI-driven protections.
#Lovable #Tycoon #zgRAT #Aave
Key points
- Threat actors used the Lovable AI website generator to rapidly create and host phishing, fraud, and malware sites under lovable.app domains.
- Proofpoint observed tens of thousands of Lovable URLs in email data since February 2025, including large campaigns impacting thousands of organizations.
- Campaigns included Tycoon AiTM MFA phishing, UPS and banking credential harvesters posting results to Telegram, Aave-themed crypto wallet drainers, and malware distribution via redirect chains.
- Attack chains frequently used CAPTCHA landing pages or redirectors hosted on Lovable that led to branded credential phishing pages or payload downloads.
- Malware campaign delivered a RAR/EXE that sideloaded a trojanized PYTHON27.DLL running DOILoader to execute an encrypted payload (zgRAT) with C2 at 84.32.41.163:7705.
- Lovable removed reported malicious projects, added AI-driven real-time creation checks and automated daily scanning, and plans further account protections to block abuse.
- Proofpoint recommends organizations consider allow-listing controls for commonly abused tools and that AI tool creators implement stronger safeguards to prevent misuse.
MITRE Techniques
- [T1192] Spearphishing via Service – Actors distributed Lovable URLs in email and SMS to lure victims to phishing pages (“messages contained lovable[.]app URLs that directed recipients to a landing presenting a math CAPTCHA”).
- [T1531] Account Discovery – Use of Lovable free projects that are remixable allowed actors to reuse and adapt templates (“the ‘ups-flow-harvester’ app … was publicly ‘remixable’ on Lovable which means that anyone easily could change the layout and Telegram details”).
- [T1499] Endpoint Denial of Service (used as filtering via CAPTCHA) – CAPTCHA gates were used to filter or verify targets before redirecting to phishing pages (“presenting a math CAPTCHA which, if solved, redirected to a counterfeit Microsoft authentication page”).
- [T1556.001] Modify Authentication Process: Adversary-in-the-Middle – Tycoon PhaaS enabled synchronous relay to capture MFA and session cookies (“Adversary-in-the-Middle (AiTM) … utilizing synchronous relay capabilities provided by the Tycoon Phishing-as-a-Service (PhaaS) platform”).
- [T1190] Exploit Public-Facing Application (misuse of web builder) – Threat actors leveraged Lovable to create malicious web apps and redirectors to host credential harvesters and delivery pages (“threat actors are increasingly using an AI-generated website builder called Lovable to create and host credential phishing, malware, and fraud websites”).
- [T1105] Ingress Tool Transfer – Malicious payloads were hosted on external services (Dropbox) and delivered via Lovable redirectors (“Download URL … DE0019902001000RE.rar … hosted on Dropbox”).
- [T1218.011] Signed Binary Proxy Execution: Regsvr32/InstallUtil (sideloading/legitimate signed binary used to load trojanized DLL) – Attack used a renamed signed executable to sideload a trojanized PYTHON27.DLL which then ran DOILoader and executed zgRAT (“renamed legitimate and signed file … sideloaded the included PYTHON27.DLL which had been trojanized with DOILoader to run the encrypted payload in Vos.xwtx to run zgRAT”).
Indicators of Compromise
- [URL] UPS impersonation landing and templates – hxxps://ups-flow-harvester[.]lovable[.]app/, hxxps://app-54124296d32502[.]lovable[.]app/
- [URL] Microsoft/Tycoon phishing redirectors – hxxps://captcha-office-redirect[.]lovable[.]app/, hxxps://33eq8[.]oquvzop[.]es/CFTvqhHpUgs@x/ (Tycoon redirect)
- [URL] Aave impersonation and redirectors – hxxps://aave-reward-notification[.]lovable[.]app/, hxxps://reward-aave[.]us/web3/
- [URL] Malware redirect/download chain (Cookie Reloaded / Dropbox) – hxxp://lexware-invoice-deutsch-popup[.]lovable[.]app/, hxxp://www[.]dropbox[.]com/scl/fi/i6n7wcxpfi366wn46qngu/…/DE0019902001000RE.rar (download URL)
- [IP] C2 server for zgRAT – 84[.]32[.]41[.]163:7705
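Added example (not from the Proofpoint report or from Lovable): a small Python detection helper that refangs the IoCs listed above and runs them over constructed proxy log lines, flagging known IoC hosts, unsanctioned lovable.app projects (in the spirit of the allow-listing recommendation) and connections to the zgRAT C2 address. The allow-list contents and the log line format are assumptions.

```python
import re
from urllib.parse import urlsplit

# IoCs exactly as printed (defanged) in the report above.
DEFANGED_IOCS = [
    "hxxps://ups-flow-harvester[.]lovable[.]app/",
    "hxxps://captcha-office-redirect[.]lovable[.]app/",
    "hxxps://aave-reward-notification[.]lovable[.]app/",
    "hxxp://lexware-invoice-deutsch-popup[.]lovable[.]app/",
    "hxxps://reward-aave[.]us/web3/",
]
C2 = "84[.]32[.]41[.]163:7705"

# Constructed allow-list (hypothetical): Lovable projects the org has sanctioned.
ALLOWED_LOVABLE_PROJECTS = {"internal-demo.lovable.app"}

def refang(value: str) -> str:
    """Turn a defanged IoC (hxxp, [.]) back into its live form for matching."""
    return re.sub(r"^hxxp", "http", value.replace("[.]", "."), flags=re.I)

def classify_url(url: str, bad_hosts: set) -> str:
    """known-ioc > unsanctioned-lovable > ok, based on the URL's host only."""
    host = (urlsplit(url).hostname or "").lower()
    if host in bad_hosts:
        return "known-ioc"
    if host.endswith(".lovable.app") and host not in ALLOWED_LOVABLE_PROJECTS:
        return "unsanctioned-lovable"
    return "ok"

def scan_proxy_log(lines, iocs=DEFANGED_IOCS, c2=C2):
    """Return (src_ip, target, verdict) for every suspicious log line."""
    bad_hosts = {urlsplit(refang(u)).hostname for u in iocs}
    c2_hostport = refang(c2)
    hits = []
    for line in lines:
        # Constructed log format: "<timestamp> <src-ip> <method> <url-or-host:port>"
        _ts, src, method, target = line.split()
        if method == "CONNECT" and target == c2_hostport:
            hits.append((src, target, "c2-connect"))
            continue
        verdict = classify_url(target, bad_hosts)
        if verdict != "ok":
            hits.append((src, target, verdict))
    return hits

# Constructed sample log lines (refanged forms of the IoCs above plus benign noise).
SAMPLE_LOG = [
    "2025-07-01T09:00:01Z 10.0.0.5 GET https://captcha-office-redirect.lovable.app/",
    "2025-07-01T09:00:07Z 10.0.0.5 GET https://internal-demo.lovable.app/dashboard",
    "2025-07-01T09:01:12Z 10.0.0.9 GET https://random-project-4411.lovable.app/",
    "2025-07-01T09:02:30Z 10.0.0.9 CONNECT 84.32.41.163:7705",
    "2025-07-01T09:03:00Z 10.0.0.7 GET https://www.example.com/",
]
```

Running `scan_proxy_log(SAMPLE_LOG)` yields three hits: the known Tycoon redirector, the unsanctioned Lovable project, and the C2 connection; the sanctioned project and the benign site are not flagged.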