LabHost, one of the world’s largest phishing-as-a-service platforms, has been shut down by law enforcement as part of an operation involving agencies from 19 countries.
According to Europol, which coordinated the years-long operation, LabHost infrastructure was compromised and the law enforcement action culminated in several surface web sites being taken down and 37 individuals being arrested between April 14 and April 17.
Investigators searched 70 addresses across the world. The list of arrested individuals includes four from the UK who are believed to have run the site, including LabHost’s original developer.
In addition, 800 of the platform’s alleged users were contacted by law enforcement and notified that they were under active investigation.
Europol and the UK’s Metropolitan Police, which led the operation, have shared details on the phishing-as-a-service platform and its popularity among cybercriminals.
LabHost was set up in 2021 and law enforcement set its sights on the service in June 2022. Investigators uncovered more than 40,000 phishing domains, which had been used by 2,000 registered LabHost users.
The cybercrime service has been used to steal nearly half a million payment card numbers and 64,000 PINs, as well as over one million passwords for websites and online services. Roughly 70,000 victims have been identified in the UK alone.
LabHost has been used by cybercriminals from around the world, who paid a monthly subscription fee ranging between $179 and $300 in exchange for phishing kits, infrastructure for hosting phishing pages, and functionality for directly engaging with victims.
“Depending on the subscription, criminals were provided an escalating scope of targets from financial institutions, postal delivery services and telecommunication services providers, among others. Labhost offered a menu of over 170 fake websites providing convincing phishing pages for its users to choose from,” Europol explained.
It added, “What made LabHost particularly destructive was its integrated campaign management tool named LabRat. This feature allowed cybercriminals deploying the attacks to monitor and control those attacks in real time. LabRat was designed to capture two-factor authentication codes and credentials, allowing the criminals to bypass enhanced security measures.”
The UK’s Metropolitan Police said LabHost’s operators received more than $1.1 million from customers since its creation.
Details on LabHost are also provided by Trend Micro, which offered technical assistance to law enforcement agencies.
Related: German Authorities Take Down ‘Crimemarket’ Cybercrime Website
Related: Warzone RAT Shut Down by Law Enforcement, Two Arrested
Related: Authorities Shut Down RagnarLocker Ransomware Infrastructure