Phishing-as-a-service platform LabHost has been shut down by law enforcement following an investigation, with 37 suspects arrested.
Law enforcement in 19 countries has “severely disrupted” LabHost, one of the world's largest phishing-as-a-service platforms.
According to Europol, LabHost was once a “significant tool for cybercriminals around the world” as cybercrime-as-a-service has become one of the most rapidly evolving business models in the criminal world.
With a monthly subscription, LabHost provided phishing kits, infrastructure for hosting pages, interactive functionality for engaging with victims, and campaign overview services.
LabHost offered a wide range of illicit customizable services that could be initiated with a touch of a button and offered over 170 fake websites providing convincing phishing material.
“Depending on the subscription, criminals were provided an escalating scope of targets from financial institutions, postal delivery services, and telecommunication services providers, among others,” Europol said.
LabHost was particularly toxic because it integrated the campaign management tool LabRat, which allowed cybercriminals to monitor and control their attacks live.
“LabRat was designed to capture two-factor authentication codes and credentials, allowing the criminals to bypass enhanced security measures.”
This ongoing, year-long operation conducted by Europol has resulted in a “compromise of LabHost’s infrastructure.”
Between April 14th and 17th, 2024, 70 separate addresses were searched worldwide. From there, 37 suspects were identified and arrested, including four individuals in the United Kingdom.
These four individuals supposedly ran the site and included LabHost’s original developer.
Before the operation, LabHost was available on the open web and has been subsequently shut down.
The UK’s London Metropolitan Police led the investigation, yet Europol’s European Cybercrime Centre and the Joint Cybercrime Action Taskforce aided their efforts.
Law enforcement gathered a vast amount of data during the investigation and is using it to aid ongoing “international operational activities focused on targeting the malicious users of this phishing platform.”
Your email address will not be published. Required fields are markedmarked