LabHost, a prominent phishing-as-a-service (PhaaS) platform, was recently disrupted in a coordinated international law enforcement operation that lasted for a year. The operation led to the compromise of LabHost’s infrastructure and the arrest of 37 individuals, including the platform’s original developer. Launched in 2021, LabHost provided cybercriminals with a convenient platform to carry out phishing attacks, offering various phishing kits tailored for banks and services in North America. With a monthly subscription fee averaging $249, LabHost attracted approximately 10,000 users worldwide and facilitated the creation of over 40,000 phishing domains.
The investigation into LabHost’s activities revealed the existence of a powerful tool called LabRat, which allowed attackers to capture two-factor authentication (2FA) tokens and bypass account protections in real time. This tool, along with other customizable and easily deployable phishing services offered by LabHost, made it a popular choice among cybercriminals. The law enforcement operation, coordinated by Europol and involving police forces from 19 countries, resulted in the seizure of LabHost’s infrastructure and the takedown of 207 servers hosting phishing websites. Additionally, 37 individuals suspected of involvement with LabHost were arrested during simultaneous searches conducted worldwide.
LabHost’s illicit operations generated substantial profits, with the authorities estimating that the service’s operators received over $1 million from user subscriptions. Furthermore, investigators discovered that LabHost had stolen a significant amount of sensitive data, including approximately 480,000 credit cards, 64,000 PINs, and one million passwords for various online accounts. Despite experiencing a massive outage in October of the previous year, LabHost resumed its operations in December 2023, prompting speculation about potential exit scamming. However, the recent law enforcement activity has effectively disrupted LabHost’s operations, sending a strong message to cybercriminals and enhancing global cybersecurity efforts.