Lovable services phishing and malware-distribution campaign
Campaign
Summary
Hide ▲
Show ▼
The abuse of Lovable services has fueled numerous campaigns that distribute MFA phishing kits, malware loaders, and scam sites, raising the risk of credential theft, payment theft, and malicious downloads.
Related Happenings
UNC6783 BPO compromise campaign targeting downstream companies
Campaign
First: 09.04.2026 00:46
Last: 09.04.2026 00:46
Sources 1
About this happening:
**UNC6783** is an active **BPO compromise campaign** targeting **business process outsourcers** and large enterprises to reach downstream environments for **extortion**. The opera...
UNC6783 BPO compromise campaign targeting downstream companies
CampaignAbout this happening: **UNC6783** is an active **BPO compromise campaign** targeting **business process outsourcers** and large enterprises to reach downstream environments for **extortion**. The opera...
EvilTokens phishing-as-a-service operation expands device code phishing and BEC
Threat Actor Meta
First: 01.04.2026 22:42
Last: 01.04.2026 22:42
Sources 1
About this happening:
**EvilTokens** has been commercialized on **Telegram** as a continuously developed phishing-as-a-service kit, expanding **device code phishing** and **BEC** capabilities at scale....
EvilTokens phishing-as-a-service operation expands device code phishing and BEC
Threat Actor MetaAbout this happening: **EvilTokens** has been commercialized on **Telegram** as a continuously developed phishing-as-a-service kit, expanding **device code phishing** and **BEC** capabilities at scale....
Silver Fox South Asia phishing campaign
Campaign
First: 24.03.2026 18:00
Last: 24.03.2026 18:00
Sources 1
About this happening:
The **Silver Fox** campaign now includes **BYOVD** abuse of a previously unknown **WatchDog Anti-malware** driver, **amsdk.sys (version 1.0.600)**, to disable security tools on co...
Silver Fox South Asia phishing campaign
CampaignAbout this happening: The **Silver Fox** campaign now includes **BYOVD** abuse of a previously unknown **WatchDog Anti-malware** driver, **amsdk.sys (version 1.0.600)**, to disable security tools on co...
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical Analysis
First: 11.03.2026 18:38
Last: 11.03.2026 18:38
Sources 1
How related:
"PromptFix works only on Comet (which truly functions as an AI Agent) and, for that matter, also on ChatGPT's Agent Mode, where we successfully got it to click the button or carry out actions as instructed,"
About this happening:
**Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical AnalysisHow related: "PromptFix works only on Comet (which truly functions as an AI Agent) and, for that matter, also on ChatGPT's Agent Mode, where we successfully got it to click the button or carry out actions as instructed,"
About this happening: **Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
Microsoft Entra device code phishing and vishing campaign
Campaign
First: 19.02.2026 14:30
Last: 19.02.2026 14:30
Sources 1
About this happening:
A **device code phishing campaign** is targeting **Microsoft 365 identities** through the **OAuth 2.0 device authorization flow**, letting attackers steal valid access tokens afte...
Microsoft Entra device code phishing and vishing campaign
CampaignAbout this happening: A **device code phishing campaign** is targeting **Microsoft 365 identities** through the **OAuth 2.0 device authorization flow**, letting attackers steal valid access tokens afte...
Timeline
-
20.08.2025 16:01 1 articles · 9mo ago
Lovable services abused to distribute phishing kits and malware
Initial DisclosureProofpoint reported numerous campaigns leveraging Lovable services to distribute MFA phishing kits like Tycoon, malware loaders, cryptocurrency wallet drainers, and phishing kits targeting credit card and personal information, with counterfeit Lovable-hosted sites redirecting to Microsoft-branded credential phishing pages, UPS impersonation pages, or downloads such as zgRAT; Lovable later removed malicious sites and added AI-driven security protections. The campaigns targeted users in countries including India, the U.K., Germany, France, Spain, Belgium, Mexico, Canada, Australia, the Czech Republic, Argentina, Japan, and Turkey, while excluding IP addresses from the U.S. and Israel.
Show sources
- Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts — thehackernews.com — 20.08.2025 16:01