International investigation takes down phishing-as-a-service platform LabHost

This week, authorities from 19 countries collaborated in a major operation to significantly disrupt LabHost, one of the world’s largest phishing-as-a-service platforms. Coordinated by Europol over the course of a year, this international effort successfully compromised LabHost’s infrastructure.

Between Sunday, April 14th, and Wednesday, April 17th, authorities conducted searches at a total of 70 locations worldwide, resulting in the apprehension of 37 suspects. Notably, among those arrested were four individuals in the United Kingdom believed to be associated with the administration of the LabHost platform, including its original creator.

LabHost, formerly accessible on the open web, has now been deactivated.

This multinational investigation was spearheaded by the London Metropolitan Police in the UK, with assistance from Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) headquartered at Europol.

Europol has been involved in this case since September 2023. An operational sprint was convened at Europol’s headquarters, facilitating collaboration among participating countries’ investigators to gather intelligence on users and victims within their jurisdictions. During the enforcement phase, a Europol specialist provided support to the Dutch National Police in executing their enforcement operations.

Cybercrime-as-a-service has emerged as a rapidly expanding business model within the criminal realm, enabling threat actors to lease or sell tools, expertise, or services to fellow cybercriminals for executing their attacks. While this model has long been established among ransomware groups, it has also permeated other spheres of cybercrime, including phishing attacks.

LabHost rose to prominence as a significant tool utilized by cybercriminals worldwide. Through a monthly subscription, the platform offered a comprehensive suite of resources, including phishing kits, hosting infrastructure for malicious pages, interactive features for engaging directly with victims, and campaign management services.

The investigation revealed the existence of over 40,000 phishing domains associated with LabHost, which boasted approximately 10,000 users globally.

Priced at an average monthly fee of $249, LabHost provided a plethora of illicit services that were customizable and deployable with minimal effort. Depending on the subscription tier, criminals gained access to an expanding array of targets, ranging from financial institutions to postal and telecommunication service providers. LabHost boasted a menu comprising over 170 fake websites, offering convincing phishing pages for users to select from.

What set LabHost apart was its integrated campaign management tool, dubbed LabRat. This feature empowered cybercriminals to monitor and control their attacks in real time. LabRat was specifically engineered to capture two-factor authentication codes and credentials, enabling criminals to circumvent enhanced security measures effectively.

The following authorities have taken part in the investigation:

• Australia: Australian Federal Police-led Joint Policing Cybercrime Coordination Centre;
• Austria: Criminal Intelligence Service (Bundeskriminalamt);
• Belgium: Federal Judicial Police Brussels (Police judiciaire fédérale Bruxelles/ Federale gerechtelijke politie Brussel);
• Finland: National Police (Poliisi);
• Ireland: An Garda Siochana;
• Netherlands: Central Netherlands Police (Politie Midden-Nederland);
• New Zealand: New Zealand Police;
• Lithuania: Lithuania Police;
• Malta: Malta Police Force (Il-Korp tal-Pulizija ta’ Malta);
• Poland: Central Office for Combating Cybercrime (Centralne Biuro Zwalczania Cyberprzestępczości);
• Portugal: Judicial Police (Polícia Judiciária);
• Romania: Romanian Police (Poliția Română);
• Spain: National Police (Policía Nacional);
• Sweden: Swedish Police Authority (Polisen);
• United Kingdom: London Metropolitan Police;
• United States: United States Secret Service (USSS) and Federal Bureau of Investigation (FBI);
• Czechia: Bureau of Criminal Police and Investigation Service;
• Estonia: Estonian Police and Border Guard Board.