The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider

In late 2021, LabHost (AKA LabRat) emerged as a new PhaaS platform, growing over time to eventually offer dozens of phishing pages targeting banks, high-profile organizations, and other service providers located around the world, but most notably in Canada, the US, and the UK.

The popularity of the platform meant that at the time of the takedown, it boasted more than 2,000 criminal users, who had used it to deploy over 40,000 fraudulent sites leading to hundreds of thousands of victims worldwide. The platform offered a number of key benefits to its criminal clientele, including: The ability to obtain two-factor authentication (2FA) codes by proxying the connection to the phished organization using Adversary-in-the-Middle (AitM) techniques.

Read more…
Source: Trend Micro

Sign up for our Newsletter


  • 23-year-old man accused of running $100 million online narcotics marketplace

    May 21, 2024

    Federal authorities have arrested a 23-year-old Taiwanese national and charged him with running an online market that sold $100 million worth of illicit narcotics, including fentanyl, cocaine, methamphetamine, heroin, LSD, and ketamine. The authorities said that for almost four years, Rui-Siang Lin operated and owned the Incognito Market, an online marketplace on the dark web that ...

  • Western Sydney University staff, students caught in cyber attack

    May 21, 2024

    About 7500 staff and students have been caught up in a massive cyber attack at Western Sydney University. Police are investigating the breach, which the university says dates as far back as May 2023, when an unauthorised party got into the Microsoft Office system and accessed email accounts and SharePoint files. WSU says they have not ...

  • Medusa announced attack on John R. Wood Christie’s International Real Estate group

    May 20, 2024

    No patron information was compromised in a recent ransomware attack against John R. Wood Christie’s International Real Estate by a cyber gang known as Medusa, according to the company. Medusa announced the attack on its site, claiming it had stolen more than 1 terabyte of Wood data. The gang demanded $2 million from the real estate ...

  • Springtail: New Linux Backdoor Added to Toolkit

    May 16, 2024

    Symantec’s Threat Hunter Team has uncovered a new Linux backdoor developed by the North Korean Springtail espionage group (aka Kimsuky) that is linked to malware used in a recent campaign against organizations in South Korea. The backdoor (Linux.Gomir) appears to be a Linux version of the GoBear backdoor, which was used in a recent Springtail campaign ...

  • Payload Trends in Malicious OneNote Samples

    May 16, 2024

    In this post, Unt 42 researchers look at the types of embedded payloads that attackers leverage to abuse Microsoft OneNote files. Our analysis of roughly 6,000 malicious OneNote samples from WildFire reveals that these samples have a phishing-like theme where attackers use one or more images to lure people into clicking or interacting with OneNote ...

  • Scammers can easily phish your multi-factor authentication codes – here’s how to avoid it

    May 16, 2024

    More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. That’s a great thing. But as security evolves, so do cybercriminals who are always looking for new ways to scam us. A type of phishing we’re calling authentication-in-the-middle is showing up in online media. ...