The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider


In late 2021, LabHost (AKA LabRat) emerged as a new PhaaS platform, growing over time to eventually offer dozens of phishing pages targeting banks, high-profile organizations, and other service providers located around the world, but most notably in Canada, the US, and the UK.

The popularity of the platform meant that at the time of the takedown, it boasted more than 2,000 criminal users, who had used it to deploy over 40,000 fraudulent sites leading to hundreds of thousands of victims worldwide. The platform offered a number of key benefits to its criminal clientele, including: The ability to obtain two-factor authentication (2FA) codes by proxying the connection to the phished organization using Adversary-in-the-Middle (AitM) techniques.

Read more…
Source: Trend Micro


Sign up for our Newsletter


Related:

  • Frontier Communications: 750k people’s data stolen in April attack on systems

    June 7, 2024

    Frontier Communications has confirmed more than 750,000 individuals were affected in an April cyberattack on its systems, according to a regulatory filing. Lawyers representing the major US telco told the Office of the Maine Attorney General that data belonging to 751,895 people was stolen. The data types impacted, according to the filing, are limited to names ...

  • CoinGecko confirms email provider data breach, over 23,000 phishing emails sent

    June 7, 2024

    Cryptocurrency data aggregator CoinGecko has confirmed a data breach suffered by its third-party email management platform GetResponse. Following yesterday’s reports of a new wave of crypto airdrop scams, CoinGecko confirmed that GetResponse suffered a data breach on June 5, allowing attackers to export the contact information of over 1.9 million CoinGecko users. Read more… Source: CoinTelegraph Sign up for ...

  • Philippines: Toyota, Robinsons Land confirm data breaches

    June 6, 2024

    Carmaker Toyota and real estate firm Robinsons Land have confirmed reports of data breaches in their company and are now under evaluation by the National Privacy Commission (NPC). In a statement Thursday, NPC Compliance and Monitoring Division chief Rainier Milanes said Robinsons Land notified the NPC of a breach on June 1 while Toyota made a ...

  • Hundreds of Snowflake customer passwords found online are linked to info-stealing malware

    June 5, 2024

    Cloud data analysis company Snowflake is at the center of a recent spate of alleged data thefts, as its corporate customers scramble to understand if their stores of cloud data have been compromised. Snowflake helps some of the largest global corporations — including banks, healthcare providers and tech companies — store and analyze their vast amounts ...

  • RansomHub: New Ransomware has Origins in Older Knight

    June 5, 2024

    RansomHub, a new Ransomware-as-a-Service (RaaS) that has rapidly become one of the largest ransomware groups currently operating, is very likely an updated and rebranded version of the older Knight ransomware. Analysis of the RansomHub payload by Symantec, revealed a high degree of similarity between the two threats, suggesting that Knight was the starting point for RansomHub. ...

  • MediSecure put into administration weeks after massive data breach

    June 5, 2024

    Online prescription provider MediSecure has collapsed into administration and liquidation just weeks after a large-scale ransomware attack resulted in customer details being leaked on the dark web. The Melbourne-based health provider last month confirmed the massive data breach had taken place, with the personal information and some limited health information of people who used the service ...