


Phishing Platform LabHost Shut Down by Law Enforcement

LabHost, a major phishing-as-a-service platform, has been shut down as part of an international law enforcement operation.


LabHost, one of the world’s largest phishing-as-a-service platforms, has been shut down by law enforcement as part of an operation involving agencies from 19 countries.

According to Europol, which coordinated the years-long operation, LabHost infrastructure was compromised and the law enforcement action culminated in several surface web sites being taken down and 37 individuals being arrested between April 14 and April 17. 

Investigators searched 70 addresses across the world. The list of arrested individuals includes four from the UK who are believed to have run the site, including LabHost’s original developer.

In addition, 800 of the platform’s alleged users were contacted by law enforcement and notified that they were under active investigation. 

Europol and the UK’s Metropolitan Police, which led the operation, have shared details on the phishing-as-a-service platform and its popularity among cybercriminals.

LabHost was set up in 2021 and law enforcement set its sights on the service in June 2022. Investigators uncovered more than 40,000 phishing domains, which had been used by 2,000 registered LabHost users. 

The cybercrime service has been used to steal nearly half a million payment card numbers and 64,000 PINs, as well as over one million passwords for websites and online services. Roughly 70,000 victims have been identified in the UK alone. 

LabHost has been used by cybercriminals from around the world, who paid a monthly subscription fee ranging between $179 and $300 in exchange for phishing kits, infrastructure for hosting phishing pages, and functionality for directly engaging with victims. 


“Depending on the subscription, criminals were provided an escalating scope of targets from financial institutions, postal delivery services and telecommunication services providers, among others. Labhost offered a menu of over 170 fake websites providing convincing phishing pages for its users to choose from,” Europol explained. 

It added, “What made LabHost particularly destructive was its integrated campaign management tool named LabRat. This feature allowed cybercriminals deploying the attacks to monitor and control those attacks in real time. LabRat was designed to capture two-factor authentication codes and credentials, allowing the criminals to bypass enhanced security measures.”

The UK’s Metropolitan Police said LabHost’s operators have received more than $1.1 million from customers since its creation.

Details on LabHost are also provided by Trend Micro, which offered technical assistance to law enforcement agencies. 


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

