LabHost: Global Police Agencies Take Down Massive Phishing Service Used By Over 2,000 Hackers

A total of 37 people have been apprehended in a global operation targeting LabHost, a cybercrime service utilised by criminals to steal personal credentials from individuals across the globe.

LabHost, recognised as a major provider of Phishing-as-a-Service (PhaaS), provided phishing pages tailored to banks, prominent organisations, and service providers, with a focus on Canada, US and UK.

The phishing pages, distributed through phishing and smishing campaigns, emulate banks, government bodies, and prominent organisations, tricking users into providing their credentials and two-factor authentication codes.

LabHost managed to acquire 4,80,000 bank card numbers, 64,000 PIN numbers, and over 1 million passwords used for websites and various online services.

Simultaneous with the arrests, LabHost and its network of phishing sites have been seized and replaced with a message declaring their confiscation.

LabHost was documented earlier this year by Fortra, detailing its PhaaS targeting brands worldwide, offering its services for a monthly fee ranging from $179 to $300. It was first detected in the fourth quarter of 2021.