Between April 14 and April 17, LabHost one of the largest “phishing-as-a-service” platform has been shut down.
A joint operation composed of agencies from 19 different countries collaborated over several years to bring down the platform. Europol was the coordinator of the operation wherein law enforcement took down several of the platform’s websites. So far, 37 people have been arrested including for from the UK who are believed to have run the platform. Simultaneously, 800 of the platform’s users were notified by law enforcement of being under active investigation. According to law enforcement, LabHost emerged in 2021, and has been tracked continuously by investigators since 2022. The Phishing service harbored over 40,000 phishing domains to steal nearly half a million card numbers. It was found that the phishing domains had been used by around 2,000 LabHost users to also steal 64,000 PIN numbers, and over one million personal passwords. So far at least 70,000 victims have been identified in the UK. Registered users of LabHost paid a monthly subscription fee for the phishing kits, spending anywhere from $179 to $300. Users also were provided access to a range of targets with the subscription they selected, ranging from financial institutions to telecommunication services. As a service, LabHost provided an array of over 170 fake websites to choose from for users to conduct their own phishing campaigns.
Read more:
https://www.securityweek.com/phishing-platform-labhost-shut-down-by-law-enforcement/