Global crackdown operation dismantles LabHost phishing domain

April 19, 2024

The infamous LabHost phishing-as-a-service (PhaaS) platform has been effectively taken down after a year-long international law enforcement investigation. As a result, 37 people in total—including the platform’s original developer—have been taken into custody. After its launch in 2021, LabHost gave attackers a profitable platform to launch advanced phishing attacks against banks and other services, mostly in North America.

Under the direction of Europol and with the assistance of key private sector partners, the operation found 40,000 phishing domains linked to LabHost, which served about 10,000 people globally. LabHost, which charged an average monthly subscription fee of $249, provided a variety of customizable illegal services that allowed even inexperienced cybercriminals to launch attacks with ease.


UK Metropolitan Police arrests four involved individuals in the LabHost crackdown, including the platform’s creator.


According to a statement from the UK’s Metropolitan Police, four people, including the platform’s original developer, were detained, bringing the total to 37 arrests in the overall operation. Authorities calculate that LabHost’s operators earned almost $1,173,000 from user subscriptions, highlighting the substantial financial impact of the illegal business.

The LabRat tool, a real-time phishing management system that allows attackers to intercept two-factor authentication tokens and easily circumvent account security, was one of LabHost’s most notable features. Because of this feature, the malicious platform became the cybercriminals’ first choice, which fueled its explosive rise in the PhaaS industry.

Two hundred seven (207) servers hosting phishing websites created by LabHost were seized as a consequence of simultaneous raids conducted at 70 locations globally between April 14 and April 17, 2024, as part of enforcement proceedings. Of particular note, the Australian Joint Policing Cybercrime Coordination Centre (JPC3) was instrumental in breaking up a large chunk of LabHost’s infrastructure.

Investigators also discovered evidence of LabHost’s data theft, including 480,000 credit cards, 64,000 PINs, and a million passwords taken from other internet accounts. Immediately after the takedown, 800 users received emails alerting them to the upcoming investigations.

The disruption of LabHost represents a major victory in the ongoing fight against cybercrime, but there are still unanswered questions about the platform’s October 2023 outage and its December 2023 return to full operations.

It is not yet known whether that outage had anything to do with law enforcement, but the operation’s effects are felt across the digital security environment, underscoring the need for teamwork in impeding complex cyber attacks.
