Coordinated global investigation brings down phishing service LabHost
The service was behind over 40,000 phishing domains.
A year-long operation coordinated by Europol with law enforcement from 19 countries was successful in disrupting the infrastructure of LabHost, one of the world’s largest phishing-as-a-service platforms.
The investigation found that LabHost, which had about 10,000 users worldwide, was behind over 40,000 phishing domains. Charging an average monthly fee of $249, LabHost provided illegal services that could be tailored to users’ preferences, offering over 170 fake websites for phishing. These services targeted different sectors like financial institutions and postal services. What set LabHost apart was its LabRat tool, which allowed cybercriminals to manage attacks in real-time, capturing authentication codes to bypass security measures.
The investigation was led by the UK’s London Metropolitan Police, with the support of Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) hosted at its headquarters.
It is reported that between 14 -17 April, 70 addresses were searched across the world, which led to the arrest of 37 suspects, including the arrest of 4 UK-based individuals who are said to have links to the running of the site, including the original developer of the service.
As a result of the operation, the LabHost platform, which was available on the open web, has been shut down.