Press ReleaseCyber Crime & ForensicIdentity & Access

Group-IB Helps Takedown Major Phishing Provider LabHost

Group-IB, a leading cybersecurity company aimed at investigating, preventing, and fighting digital crime announced today that it participated in a coordinated global takedown operation against prominent Canadian Phishing-as-a-Service (PhaaS) provider LabHost, which has led to the arrest of 37 suspects across the United Kingdom and around the world by law enforcement agencies. As part of the operation, Group-IB also conducted an extensive analysis of LabHost’s criminal history and infrastructure, including insights into LabHost’s administrative platform and the services it provides to its purported user base which exceeds 2,000 subscribers worldwide, who illegally obtained around 480,000 card numbers, 64,000 pin numbers, and over 1 million passwords from victims used for websites and other online services, according to law enforcement agencies.

“By leveraging our Threat Intelligence and Digital Risk Protection, we are able to identify and monitor phishing attacks and websites like those deployed by LabHost and its subscribers around the world, enabling us to actively alert and protect our customers, and in turn, their customers as well,” said Dmitry Volkov, Chief Executive Officer of Group-IB. “Today’s takedown operation demonstrates the agility and responsiveness of our decentralised Digital Crime Resistance Centres, and how quickly we can provide immediate and local assistance wherever our customers may be.”

(Above) The “membership plans” that target LabHost offers as part of its turn-key services.

First uncovered in late 2021, LabHost emerged as a fully automated Phishing-as-a-Service (PhaaS) platform, streamlining the creation of phishing websites meticulously mirroring the interface and functionality of prominent banking, postal, and financial entities, aimed at intercepting, seizing, and profiting from users’ personal, credit card, and online banking credentials. Users are prompted to select from various “membership plans,” tailored to target businesses and individuals in either the United States and Canada, or globally, akin to mobile subscription models. These plans encompass “standard,” “premium,” and “world membership” tiers, priced between US$179 and US$300 monthly, with options for monthly, quarterly, or annual billing cycles.

Screenshots of the “LabRat” console which enables cybercriminals to monitor their victims in real-time and generate prompts that would direct their victims to provide sensitive information including two-factor authentication codes and other financial and personal details.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *