SheByte, a newish Phishing-as-a-Service platform, is the latest go-to resource for credential-stealing cybercriminals, using the site to target dozens of commercial banks, email providers, and more across the US and Canada – including big names like HCBC and TD Bank.
That’s according to new Fortra research blog profiling the SheByte threat actor, released on Thursday.
Apparently, hackers have been flocking to the platform ever since the 2024 take-down of LabHost, considered one of the largest phishing-as-a-service (PHAAS) platforms in operation at the time.
Seized by the FBI and Europol last April, LabHost is said to have facilitated attacks on the users of hundreds of financial institutions worldwide – all for a monthly subscription fee.
Seized by the FBI and Europol last April, SheByte wasted no time in following almost the exact business model and offering many of the same features on its platform, successfully filling the PHAAS niche that LabHost had left behind.
With a brand-new logo depicting a Betty Page cartoon character, SheByte is said to have teased its services for about a month on a new Telegram channel before officially launching the platform in mid-June.
The Forta research noted that the threat actor had even boasted about running the operation as a single developer.
Before its seizure, LabHost had been offering a phishing kit that targeted multiple Canadian banking brands through Interac-branded phishing pages and lures, the research said.
Interac is Canada’s number one payments processing company, used by over three hundred institutions, facilitating more than 18 million financial transactions every day, according to its website.
After a shaky start due to public bad mouthing by another well-known PHAAS platform Frappo,, SheByte’s share of the market began to pick up steam in December 2024.
Research attributed the uptick to the release of new customizable “v2” phishing pages, and then again in January 2025, with the addition of their own Canadian-targeted Interac pages.
A premium subscription to SheByte will set you back $199 per month, a quarterly option for “seasonal users” costs $497, and the mac daddy yearly plan gets you an extra month free for only $1597.
The premium membership includes unlimited access to workdwde pages, the best UI, top anti-bot technology, and the ability to “make an unlimited number of phishing attacks using every available static or customizable phishing kit,” Fotra said.
“As of March 2025, customizable phishing pages are available targeting 17 Canadian banks, 4 US-based banks, email providers, telecom companies, toll road collections, and crypto services” the research said.
Some of the financial intitutions that can be optioned to create a phish include HSBC, TD Bank, RBC, ScotiaBank, CIBC, People’s Trust, and Tangerine.
Besides its custom page building tools and an anti-detection suite, access to the platform’s LiveRAT admin dashboard is another standout feature on SheByte – and also copied from LabHost.
According to Fortra, members can use the dashboard to to block specific regions, known VPNs and proxies, as well as traffic from potential virtual machines.
The LiveRAT dashboard also enables members to monitor visits to their phishing sites in real-time, allowing them to “intercept MFA authentication codes, request additional information, or prompt victims with custom security questions.”
Your email address will not be published. Required fields are markedmarked