Global authorities, notably the Metropolitan Police Service in the UK, collaborated with international law enforcement agencies and trusted commercial sector partners to successfully dismantle LabHost, a provider of Phishing-as-a-Service (PhaaS).
An unfamiliar Phishing-as-a-Service (PhaaS) platform called LabHost (formerly LabRat) emerged in late 2021. It began targeting banks, well-known companies, and service providers worldwide over time, first focusing on those in Canada, the US, and the UK.
The site attracted more than 2,000 malicious individuals at the time of its removal, who used it to build over 40,000 fake websites that caused hundreds of thousands of victims all over the world.
Europol states that the LabHost platform has been shut down due to a compromised infrastructure. After investigating, they discovered that the platform, which claimed 10,000 members worldwide, was linked to almost 40,000 phishing sites.
Last week, authorities from nineteen different nations conducted searches at 70 addresses globally. Consequently, thirty-seven individuals linked to the LabHost operation were arrested.
Two LabHost users from Melbourne and Adelaide were arrested on April 17 as part of the PhishOFF and Nebulae investigations (the Australian branch of the probe). Authorities also arrested three more people and charged them with drug-related offences.
In a statement, the Australian Federal Police (AFP) said:
Australian offenders are allegedly among 10,000 cybercriminals globally who have used the platform, known as LabHost, to trick victims into providing their personal information, such as online banking logins, credit card details and passwords, through persistent phishing attacks sent via texts and emails.
On LabHost’s infrastructure, law enforcement discovered over a million user passwords and approximately 500,000 compromised credit cards. Law enforcement arrested four individuals in the United Kingdom, including LabHost’s original developer, for their alleged involvement in operating the service.
Global Authorities Tackle Cyber Fraud: Warning Texts Sent to UK Victims
An estimated 70,000 people in the UK have unknowingly revealed their personal information to online scammers. Among these, approximately 25,000 have been identified.
They will receive text messages alerting them about fraudulent online payment systems and retail sites that may have duped them. These people will be referred to a Metropolitan Police webpage for information and assistance.
Investigators got the email addresses of 800 criminals who reportedly used the LabHost service. The perpetrators reportedly paid up to £300 per month for access to LabHost’s software.
Global authorities are now sending personalised videos to these individuals, showcasing their awareness of the crimes, and naming the perpetrators. This approach aims to disrupt the sense of security and anonymity that criminals enjoy when using such services.
Cybercriminals use phishing and smishing activities to spread malicious websites that pose as banks, government institutions, and other respectable establishments. They try to deceive users into disclosing their login information and two-factor (2FA) codes.
Cybercriminals also used LabRat, a website-provided management tool, to launch phishing attacks and monitor them in real time. To bypass security measures, attackers specifically created LabRat with the intention of acquiring two-factor authentication codes.
A whole infrastructure for hosting fake websites and creating email and SMS content is made available to users of phishing kits. They take over online accounts using information they have stolen, allowing money to be transferred illegally from victims’ bank accounts.
Chainalysis conducted an analysis on LabHost’s identified crypto wallets, revealing the receipt of almost $1.1 million in virtual currency across thousands of transfers. The vast bulk of these transactions match to the monthly rates paid by LabHost subscribers.
Furthermore, the majority of cybercriminals who used LabHost were also users of iSpoof, an illegal internet service for phone number spoofing. In November 2022, law enforcement shut down iSpoof. Over $5.3 million worth of Bitcoin has been exchanged by at least 20 wallets that have been seen transacting with both iSpoof and LabHost.
Platforms like LabHost lower the barrier to entry for cybercrime, enabling inexperienced threat actors to launch large-scale phishing attacks. Essentially, PhaaS facilitates the outsourcing of phishing page creation and hosting.
The Metropolitan Police Service and its partners swiftly acted to neutralize a major player in the phishing ecosystem. This proactive approach not only curtails the activities of malicious actors but also sows confusion among their users, thereby safeguarding potential phishing targets from deceptive communications mimicking authentic brands.
Phishing attacks are on the rise, and it is important to protect your organisation. One effective way to do this is by increasing user awareness about these types of attacks. Phishing Tackle is a great resource that can help you in this regard. They offer a free 14-day trial to help train your users to recognise and avoid phishing attacks.
Although technology can be helpful, it cannot spot 100% of phishing emails. Therefore, user education is important to minimising the impact of any successful attacks. Consulting with Phishing Tackle can provide valuable insights and tools to help you strengthen your defences against phishing attacks.