In late 2021, LabHost (AKA LabRat) emerged as a new PhaaS platform, growing over time to eventually offer dozens of phishing pages targeting banks, high-profile organizations, and other service providers located around the world, but most notably in Canada, the US, and the UK.
The popularity of the platform meant that at the time of the takedown, it boasted more than 2,000 criminal users, who had used it to deploy over 40,000 fraudulent sites leading to hundreds of thousands of victims worldwide. The platform offered a number of key benefits to its criminal clientele, including: The ability to obtain two-factor authentication (2FA) codes by proxying the connection to the phished organization using Adversary-in-the-Middle (AitM) techniques.
Read more…
Source: Trend Micro
Related:
- Cloud Atlas activity in the first half of 2025: what changed
December 19, 2025
Known since 2014, the Cloud Atlas group targets countries in Eastern Europe and Central Asia. Infections occur via phishing emails containing a malicious document that exploits an old vulnerability in the Microsoft Office Equation Editor process (CVE-2018-0802) to download and execute malicious code. In this report, Kaspersky researchers describe the infection chain and tools that the ...
- CISA and Partners Release Update to Malware Analysis Report BRICKSTORM Backdoor
December 19, 2025
Today, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency, and Canadian Centre for Cyber Security released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples. This update provides information on additional samples, including Rust-based samples. These samples demonstrate advanced persistence and defense ...
- UK Foreign Office was victim of cyberattack
December 19, 2025
The UK Foreign Office was hacked in October, a minister has admitted, raising fears that thousands of confidential documents and data may have been compromised. While ministers are “pretty confident” that visa applicants’ details have not been accessed, they have admitted that they are not confident about the identity of the hacker. Sources told The Sun ...
- FBI: Senior U.S. Officials Continue to be Impersonated in Malicious Messaging Campaign
December 19, 2025
This is an update to Public Service Announcement I-051525-PSA, released May 15, 2025, which can be found here. Activity dating back to 2023 reveals malicious actors have impersonated senior U.S. state government, White House, and Cabinet level officials, as well as members of Congress to target individuals, including officials’ family members and personal acquaintances. If ...
- Police arrest suspect over Microsoft 365 cyber attack
December 19, 2025
The Nigeria Police Force National Cybercrime Centre (NPF-NCCC) has apprehended a suspected cyber fraudster linked to coordinated attacks on Microsoft 365 email platforms used by corporate organisations. The arrest followed an intelligence-led investigation triggered by credible information from Microsoft Corporation in the United States, conveyed through the Federal Bureau of Investigation (FBI). The intelligence exposed the ...
- UK: NHS GP software supplier hit by cyber attack
December 19, 2025
DXS International which provides healthcare technology for the NHS has disclosed a cyber attack, which has led to data being stolen. The UK-based company provides software that helps to reduce costs for doctors and primary care physicians and is used by around 2,000 GPs which oversee the care of around 17 million patients. In a filing ...