The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider


In late 2021, LabHost (AKA LabRat) emerged as a new PhaaS platform, growing over time to eventually offer dozens of phishing pages targeting banks, high-profile organizations, and other service providers located around the world, but most notably in Canada, the US, and the UK.

The popularity of the platform meant that at the time of the takedown, it boasted more than 2,000 criminal users, who had used it to deploy over 40,000 fraudulent sites leading to hundreds of thousands of victims worldwide. The platform offered a number of key benefits to its criminal clientele, including: The ability to obtain two-factor authentication (2FA) codes by proxying the connection to the phished organization using Adversary-in-the-Middle (AitM) techniques.

Read more…
Source: Trend Micro


Sign up for our Newsletter


Related:

  • New SEC enforcement chiefs see cyber crime as biggest market threat

    June 9, 2017

    Hackers are increasingly breaking into brokerage accounts to steal assets or make illegal trades, prompting U.S. securities regulators to start tracking cyber crimes more closely, two newly appointed enforcement officials said in an interview on Thursday. On Thursday, the U.S. Securities and Exchange Commission named Stephanie Avakian and Steven Peikin as new co-directors of enforcement. In an ...

  • Cybercrime agreement to be signed by global leaders

    June 3, 2017

    Global leaders are preparing to agree how police access digital evidence which may physically be located in another jurisdiction. The amendment to the Budapest Convention on Cybercrime will allow signature states’ police forces to receive digital evidence in criminal investigations in a timely manner – something those forces complain is currently a major problem. Since the opening ...

  • WikiLeaks Vault 7: CIA’s “Pandemic” Tool Replaces Files with Malware

    June 2, 2017

    WikiLeaks has released a new set of documents from its Vault 7 series, this time detailing a tool that the CIA allegedly uses to spread malware on a targeted organization’s network. Appropriately called “Pandemic,” the tool can install a file system filter driver on a network, replacing legitimate files with malicious payload when they are accessed ...

  • OneLogin Affected by Data Breach, Attacker May Have Decrypted Data

    June 2, 2017

    Access manager service OneLogin has announced that it has suffered a massive data breach that affects all users whose data was stored on the US servers, making for a rather nasty situation. “Our review has shown that a threat actor obtained access to a set of AWS keys and used them to access the AWS API ...

  • Financial malware more than twice as prevalent as ransomware

    June 1, 2017

    Three Trojans dominated the financial threat landscape in 2016 and attackers increased their focus on corporate finance departments With all the attention ransomware is getting lately it’s easy to overlook other threats, such as those that target the financial sector and its customers. However, these types of threats are a serious and costly problem for both ...

  • Group Behind NSA Dump That Led to WannaCry Opens 0-Day Exploit Subscription

    May 30, 2017

    Infamous hacking group Shadow Brokers has promised to release more zero-day exploits, such as the one that has made life a misery for some 300,000 people across the world via WannaCry. Now, the group isn’t just after wreaking havoc, but also after making some money, since the releases will be made for a special club ...