The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider


In late 2021, LabHost (AKA LabRat) emerged as a new PhaaS platform, growing over time to eventually offer dozens of phishing pages targeting banks, high-profile organizations, and other service providers located around the world, but most notably in Canada, the US, and the UK.

The popularity of the platform meant that at the time of the takedown, it boasted more than 2,000 criminal users, who had used it to deploy over 40,000 fraudulent sites leading to hundreds of thousands of victims worldwide. The platform offered a number of key benefits to its criminal clientele, including: The ability to obtain two-factor authentication (2FA) codes by proxying the connection to the phished organization using Adversary-in-the-Middle (AitM) techniques.

Read more…
Source: Trend Micro


Sign up for our Newsletter


Related:

  • Black Basta ransomware group suspected in Ascension data theft incident

    June 13, 2024

    U.S. healthcare provider Ascension has provided more details of its “cyber security event” last month, admitting that data was stolen, with some reports also suggesting that the Black Basta ransomware gang was behind the attack. One of the largest nonprofit and Catholic health systems in the U.S. and also the second-largest operator of hospitals in the ...

  • Bluetooth tracking device company Tile data compromised in data breach

    June 13, 2024

    Another day, another data breach. Tile has fallen victim to a mammoth data breach, with cybercriminals stealing sensitive consumer data like names, physical addresses, and phone numbers, and even accessing tools that process location requests made by law enforcement. In addition to stealing personal data en masse, hackers have also demanded a ransom from Tile’s parent ...

  • Scammers Create Fraudulent Olympics Ticketing Websites

    June 13, 2024

    Proofpoint recently identified a fraudulent website purporting to sell tickets to the Paris 2024 Summer Olympic Games. It was notably listed as the second sponsored search result on Google, after the official website, when searching for “Paris 2024 tickets,” and related searches. The site was just one of many. According to the French Gendarmerie Nationale, their efforts ...

  • Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day

    June 12, 2024

    The Cardinal cybercrime group (aka Storm-1811, UNC4393), which operates the Black Basta ransomware, may have been exploiting a recently patched Windows privilege escalation vulnerability as a zero-day. The vulnerability (CVE-2024-26169) occurs in the Windows Error Reporting Service. If exploited on affected systems, it can permit an attacker to elevate their privileges. The vulnerability was patched on ...

  • Quebec: Police arrest three in connection with massive Desjardins data breach

    June 12, 2024

    Laval police say they arrested three suspects Wednesday in connection to a massive data breach at Desjardins Group made public in 2019. The data breach at the Quebec-based credit union is thought to be one of the largest ever among Canadian financial institutions, affecting roughly 4.2 million people and 173,000 businesses. The leaked information includes names, ...

  • Noodle RAT: Reviewing the Backdoor Used by Chinese-Speaking Groups

    June 11, 2024

    Since 2022, Trend Micro researchers have been investigating numerous targeted attacks in the Asia-Pacific region that used the same ELF backdoor. Most vendors identify this backdoor as a variant of existing malware such as Gh0st RAT or Rekoobe. However, Trend Micro unearthed the truth: this backdoor is not merely a variant of existing malware, but is ...