Security News Criminals are using AI website builders to clone major brands

Brownie2019

AI tool Vercel was abused by cybercriminals to create a Malwarebytes lookalike website.

Cybercriminals no longer need design or coding skills to create a convincing fake brand site. All they need is a domain name and an AI website builder. In minutes, they can clone a site’s look and feel, plug in payment or credential-stealing flows, and start luring victims through search, social media, and spam.

One side effect of being an established and trusted brand is that you attract copycats who want a slice of that trust without doing any of the work. Cybercriminals have always known it is much easier to trick users by impersonating something they already recognize than by inventing something new—and developments in AI have made it trivial for scammers to create convincing fake sites.

Registering a plausible-looking domain is cheap and fast, especially through registrars and resellers that do little or no upfront vetting. Once attackers have a name that looks close enough to the real thing, they can use AI-powered tools to copy layouts, colors, and branding elements, and generate product pages, sign-up flows, and FAQs that look “on brand.”

A flood of fake “official” sites
Read more here:

This Malwarebytes write-up is a good real-world example of how “AI website builders” can be abused to scale brand-impersonation scams quickly, even by low-skill actors. ([malwarebytes.com](https://www.malwarebytes.com/blog/news/2026/02/criminals-are-using-ai-website-builders-to-clone-major-brands))

What happened (high level)
  • Malwarebytes reports a lookalike site (installmalwarebytes[.]org) that copied Malwarebytes branding “from logo to layout.” ([malwarebytes.com](https://www.malwarebytes.com/blog/news/2026/02/criminals-are-using-ai-website-builders-to-clone-major-brands))
  • They noted signals suggesting it was generated with Vercel’s “v0” (an AI-assisted site/app builder), which can recreate a site’s layout/styling from a pasted URL. ([malwarebytes.com](https://www.malwarebytes.com/blog/news/2026/02/criminals-are-using-ai-website-builders-to-clone-major-brands))
  • The attackers then promoted it via spam/injected links and used an opaque PayPal flow where the “Pay to” identity wasn’t clearly shown to the buyer. ([malwarebytes.com](https://www.malwarebytes.com/blog/news/2026/02/criminals-are-using-ai-website-builders-to-clone-major-brands))
  • Malwarebytes says they blocked the domain in their web protection module and requested takedowns. ([malwarebytes.com](https://www.malwarebytes.com/blog/news/2026/02/criminals-are-using-ai-website-builders-to-clone-major-brands))

Key takeaway for users
A convincing “official-looking” site is no longer a meaningful trust signal. The safer habit is to trust only verified entry points (typed/bookmarked official domains, app stores, vendor account portals), not what a page looks like.

Practical ways to avoid cloned “official” sites
  • Use bookmarks (or type the vendor’s known-good domain) instead of clicking search ads, social posts, comments, or email links.
  • Before paying, verify the merchant identity in the payment step. If the payee/merchant details are missing or don’t match the vendor, back out immediately. ([malwarebytes.com](https://www.malwarebytes.com/blog/news/2026/02/criminals-are-using-ai-website-builders-to-clone-major-brands))
  • Treat “typo-like” domains (extra words like “install-…”, hyphens, odd TLDs) as a red flag even if the page looks perfect.
  • Keep real-time web protection enabled in your security product/browser, because these campaigns often rely on getting victims to a web page first. ([malwarebytes.com](https://www.malwarebytes.com/blog/news/2026/02/criminals-are-using-ai-website-builders-to-clone-major-brands))

If someone already entered credentials or paid on a lookalike site
  • Change the password (and anywhere it was reused) and enable MFA on the real account.
  • Review account sign-in history and active sessions; revoke unknown sessions/tokens.
  • If payment details were involved, contact the payment provider/bank promptly to dispute/lock down as appropriate.
  • Run a full scan with a reputable security product and review browser extensions for anything unfamiliar.

Reporting (helps get clones de-listed and taken down)
  • Report hosting/platform abuse to Vercel via their abuse page. ([vercel.com](https://vercel.com/legal/acceptable-use-policy?utm_source=openai))
  • Report phishing URLs to Google Safe Browsing (useful for Chrome warnings and ecosystem blocking). ([developers.google.com](https://developers.google.com/safe-browsing/v4/reporting?utm_source=openai))
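
The domain red flags listed in the reply above (extra words such as “install-…”, hyphens, odd TLDs) can be checked mechanically when triaging reported links. The Python below is an added example, not part of the original post or the Malwarebytes article; the function names, the last-two-labels rule and the `.example` hostnames are constructed assumptions.

```python
# Added example: flag hostnames that borrow a brand name (defensive triage).
# Assumption: the registrable domain is the last two labels of the hostname;
# production code should consult the Public Suffix List (co.uk and similar).

OFFICIAL = ["malwarebytes.com"]  # known-good domain named on the page


def registrable(host):
    """Return (name, tld) taken from the last two labels of a hostname."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return labels[0], ""
    return labels[-2], labels[-1]


def lookalike_reasons(host, official_domains=OFFICIAL):
    """List why a hostname resembles, but is not, an official domain."""
    name, tld = registrable(host)
    official = {registrable(d) for d in official_domains}
    if (name, tld) in official:
        return []  # the official registrable domain, subdomains included
    reasons = []
    squashed = name.replace("-", "")  # so hyphens cannot hide the brand
    for brand, brand_tld in sorted(official):
        if name == brand:
            reasons.append(f"brand '{brand}' on unofficial TLD .{tld}")
        elif brand in squashed:
            reasons.append(f"brand '{brand}' embedded in '{name}'")
            if "-" in name:
                reasons.append("hyphenated brand name")
            if tld != brand_tld:
                reasons.append(f"TLD .{tld} differs from official .{brand_tld}")
    return reasons


if __name__ == "__main__":
    # installmalwarebytes.org is the clone named in the article; the
    # .example hostnames are constructed samples.
    for h in ["www.malwarebytes.com", "installmalwarebytes.org",
              "malwarebytes-install.example", "malwarebytes.example"]:
        print(h, "->", lookalike_reasons(h) or "no brand-lookalike signals")
```

A hit from these heuristics is a reason to inspect the link, not proof of fraud; a clean result says nothing about domains that avoid the brand name entirely.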

Digital clones remind me of carnival mirrors: they reflect the shape but distort the essence. AI turns any scammer into a master of disguise, and we must learn to look beyond the shine. Code is only a tool; the purpose remains to distinguish the authentic from the illusory. 🪞🕵️‍♂️📜
 
Indeed.

And I have to say I don't consider this clickbait because this will probably nab criminals a bunch of successful hits.
You would be surprised how much cyber criminals care about the media and articles written about them; nothing like stroking the ego with headlines.

The smart criminals lie low with a low profile, make their money, then disappear into the unknown wilderness or some remote beach ⛱️🏖️.