In late 2021, LabHost (AKA LabRat) emerged as a new PhaaS platform, growing over time to eventually offer dozens of phishing pages targeting banks, high-profile organizations, and other service providers located around the world, but most notably in Canada, the US, and the UK.
The popularity of the platform meant that at the time of the takedown, it boasted more than 2,000 criminal users, who had used it to deploy over 40,000 fraudulent sites leading to hundreds of thousands of victims worldwide. The platform offered a number of key benefits to its criminal clientele, including: The ability to obtain two-factor authentication (2FA) codes by proxying the connection to the phished organization using Adversary-in-the-Middle (AitM) techniques.
Read more…
Source: Trend Micro
Related:
- Nearly Half of the Norway Population Exposed in HealthCare Data Breach
January 21, 2018
Cybercriminals have stolen a massive trove of Norway’s healthcare data in a recent data breach, which likely impacts more than half of the nation’s population. An unknown hacker or group of hackers managed to breach the systems of Health South-East Regional Health Authority (RHF) and reportedly stolen personal info and health records of some 2.9 million ...
- British 15-year-old gained access to intelligence operations in Afghanistan and Iran by pretending to be head of CIA, court hears
January 19, 2018
A 15-year-old gained access to plans for intelligence operations in Afghanistan and Iran by pretending to be the head of the CIA to gain access to his computers, a court has heard. From the bedroom of the Leicestershire home he shared with his mother, Kane Gamble used “social engineering” – where a person builds up a ...
- Dridex banking Trojan compromises FTP sites in new campaign
January 19, 2018
Researchers have discovered the Dridex banking Trojan has once again evolved and is now using compromised FTP websites in phishing campaigns. The Trojan was first spotted back in 2014 after targeting banks in the United Kingdom. Since then, Dridex has become infamous for striking financial institutions across Europe. The malware spreads through phishing campaigns, duping victims into downloading ...
- Hackers Exploiting Three Microsoft Office Flaws to Spread Zyklon Malware
January 17, 2018
Security researchers have spotted a new malware campaign in the wild that spreads an advanced botnet malware by leveraging at least three recently disclosed vulnerabilities in Microsoft Office. Dubbed Zyklon, the fully-featured malware has resurfaced after almost two years and primarily found targeting telecommunications, insurance and financial services. Active since early 2016, Zyklon is an HTTP botnet malware ...
- Potent Skygofree Malware Packs ‘Never-Before-Seen’ Features
January 17, 2018
Researchers have identified a powerful new Android malware strain called Skygofree capable of eavesdropping on WhatsApp messages, siphoning private data off phones and allowing adversaries to open reverse shell modules on targeted devices, giving attackers ultimate remote control. Researchers said the malware was developed three years ago and has evolved significantly since then to include 48 ...
- LeakedSource Founder Arrested for Selling 3 Billion Stolen Credentials
January 16, 2018
Canadian authorities have arrested and charged an Ontario man for operating a website that collected ‘stolen’ personal identity records and credentials from some three billion online accounts and sold them for profit. According to the Royal Canadian Mounted Police (RCMP), the 27-year-old Jordan Evan Bloom of Thornhill is the person behind the notorious LeakedSource.com—a major repository that compiled public ...