Lovable services phishing and malware-distribution campaign
Campaign
Summary
Hide ▲
Show ▼
The abuse of Lovable services has fueled numerous campaigns that distribute MFA phishing kits, malware loaders, and scam sites, raising the risk of credential theft, payment theft, and malicious downloads.
Related Happenings
UNC6783 BPO compromise campaign targeting downstream companies
Campaign
H score65
First: 09.04.2026 00:46
Last: 09.04.2026 00:46
Sources 1
About this happening:
**UNC6783** is an active **BPO compromise campaign** targeting **business process outsourcers** and large enterprises to reach downstream environments for **extortion**. The opera...
UNC6783 BPO compromise campaign targeting downstream companies
CampaignAbout this happening: **UNC6783** is an active **BPO compromise campaign** targeting **business process outsourcers** and large enterprises to reach downstream environments for **extortion**. The opera...
EvilTokens phishing-as-a-service operation expands device code phishing and BEC
Threat Actor Meta
H score44
First: 01.04.2026 22:42
Last: 01.04.2026 22:42
Sources 1
About this happening:
**EvilTokens** is part of a broader **phishing-as-a-service** ecosystem that packages **Microsoft 365 device-code phishing** for criminal operators. **Cisco Talos** described **AR...
EvilTokens phishing-as-a-service operation expands device code phishing and BEC
Threat Actor MetaAbout this happening: **EvilTokens** is part of a broader **phishing-as-a-service** ecosystem that packages **Microsoft 365 device-code phishing** for criminal operators. **Cisco Talos** described **AR...
Silver Fox South Asia phishing campaign
Campaign
H score34
First: 24.03.2026 18:00
Last: 24.03.2026 18:00
Sources 1
About this happening:
The **Silver Fox** campaign now includes **BYOVD** abuse of a previously unknown **WatchDog Anti-malware** driver, **amsdk.sys (version 1.0.600)**, to disable security tools on co...
Silver Fox South Asia phishing campaign
CampaignAbout this happening: The **Silver Fox** campaign now includes **BYOVD** abuse of a previously unknown **WatchDog Anti-malware** driver, **amsdk.sys (version 1.0.600)**, to disable security tools on co...
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical Analysis
H score25
First: 11.03.2026 18:38
Last: 11.03.2026 18:38
Sources 1
How related:
"PromptFix works only on Comet (which truly functions as an AI Agent) and, for that matter, also on ChatGPT's Agent Mode, where we successfully got it to click the button or carry out actions as instructed,"
About this happening:
**Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
Perplexity Comet prompt-injection research shows agentic browsers can be trained into phishing traps
Technical AnalysisHow related: "PromptFix works only on Comet (which truly functions as an AI Agent) and, for that matter, also on ChatGPT's Agent Mode, where we successfully got it to click the button or carry out actions as instructed,"
About this happening: **Perplexity's Comet AI browser** is the focus of a **technical analysis** thread showing how **prompt injection** and **malicious URLs** can steer an agentic browser into **data...
Microsoft Entra device code phishing and vishing campaign
Campaign
H score40
First: 19.02.2026 14:30
Last: 19.02.2026 14:30
Sources 1
About this happening:
A **device code phishing campaign** is targeting **Microsoft 365 identities** through the **OAuth 2.0 device authorization flow**, letting attackers steal valid access tokens afte...
Microsoft Entra device code phishing and vishing campaign
CampaignAbout this happening: A **device code phishing campaign** is targeting **Microsoft 365 identities** through the **OAuth 2.0 device authorization flow**, letting attackers steal valid access tokens afte...
Timeline
-
20.08.2025 16:01 1 articles · 10mo ago
Lovable services abused to distribute phishing kits and malware
Initial DisclosureProofpoint reported numerous campaigns leveraging Lovable services to distribute MFA phishing kits like Tycoon, malware loaders, cryptocurrency wallet drainers, and phishing kits targeting credit card and personal information, with counterfeit Lovable-hosted sites redirecting to Microsoft-branded credential phishing pages, UPS impersonation pages, or downloads such as zgRAT; Lovable later removed malicious sites and added AI-driven security protections. The campaigns targeted users in countries including India, the U.K., Germany, France, Spain, Belgium, Mexico, Canada, Australia, the Czech Republic, Argentina, Japan, and Turkey, while excluding IP addresses from the U.S. and Israel.
Show sources
- Experts Find AI Browsers Can Be Tricked by PromptFix Exploit to Run Malicious Hidden Prompts — thehackernews.com — 20.08.2025 16:01