Authorities Shut Down Phishing Platform LabHost

LabHost platform, operating on the phishing-as-a-service (PhaaS) scheme, was shut down during a year-long operation by law enforcement agencies. Police compromised the platform’s infrastructure and arrested 37 suspects, including the LabHost developer.

The phishing platform, launched in 2021, allowed malicious actors paying a monthly subscription to conduct attacks using various phishing toolkits on banks and services in North America.

Additionally, LabHost provided infrastructure for hosting phishing pages and automated generation and distribution of phishing emails, enabling even low-skilled criminals to easily carry out their attacks.

In February 2024, cybersecurity company Fortra warned that LabHost was gradually evolving into a popular PhaaS platform, surpassing other players in the market.

Coordinated by Europol, an international law enforcement operation named PhishOFF and Nebulae began about a year ago, involving police from 19 countries worldwide and private sector companies, including Microsoft, Trend Micro, Chainalysis, Intel 471, and The Shadowserver Foundation.

Europol representatives reported that during the investigation, at least 40,000 phishing domains connected to LabHost were discovered, with over 10,000 users worldwide. Authorities estimated that the service operators earned around $1,173,000 from PhaaS subscriptions.

Investigators also found that LabHost operators stole about 480,000 bank cards, 64,000 PIN codes, and nearly a million passwords from various online accounts. In Australia alone, over 94,000 victims were identified, and around 70,000 in the UK.

“With an average monthly fee of $249, LabHost offered a range of illegal services that could be set up and deployed in just a few clicks,” said investigators.

Europol specialists particularly noted a powerful tool called LabRat, which set the service apart from competitors. LabRat was a real-time phishing campaign management tool, allowing cybercriminals to intercept two-factor authentication (2FA) tokens and bypass account protection.

Between April 14-17, 2024, law enforcement agencies globally conducted searches at 70 addresses simultaneously and arrested 37 individuals suspected of ties to the LabHost service.

Additionally, the Australian Joint Cybercrime Coordination Centre (JPC3) reported the destruction of 207 servers hosting phishing sites created with LabHost’s assistance. The UK police announced the arrest of four individuals involved in managing the service website and the “original developer of the platform.”

Soon after authorities took control of LabHost’s infrastructure, 800 users were warned that they would soon become subjects of new investigations.

0 / 5

Your page rank:

Subscribe: YouTube page opens in new windowLinkedin page opens in new windowTelegram page opens in new window

Leave a Reply

Your email address will not be published. Required fields are marked *

Post comment