Cybercriminals Abuse Vibe Coding Service to Create Malicious Sites

Proofpoint researchers report that threat actors are abusing Lovable's AI-powered 'vibe coding' platform to rapidly create convincing malicious websites used in large phishing and crypto scam campaigns. Observed activity includes MFA phishing via AiTM (Tycoon PhaaS), credential and session-cookie harvesting, payment data collection (including SMS codes), and distribution of wallet-drainers and loaders; Proofpoint saw tens of thousands of malicious Lovable URLs and campaigns affecting thousands of organizations, and Lovable has implemented security protections and takedowns in response.