Connect with us

Hi, what are you looking for?



Phishing Platform LabHost Shut Down by Law Enforcement

LabHost, a major phishing-as-a-service platform, has been shut down as part of a major law enforcement operation. 

LabHost phishing shutdown

LabHost, one of the world’s largest phishing-as-a-service platforms, has been shut down by law enforcement as part of an operation involving agencies from 19 countries.

According to Europol, which coordinated the years-long operation, LabHost infrastructure was compromised and the law enforcement action culminated in several surface web sites being taken down and 37 individuals being arrested between April 14 and April 17. 

Investigators searched 70 addresses across the world. The list of arrested individuals includes four from the UK who are believed to have run the site, including LabHost’s original developer.

In addition, 800 of the platform’s alleged users were contacted by law enforcement and notified that they were under active investigation. 

Europol and the UK’s Metropolitan Police, which led the operation, have shared details on the phishing-as-a-service platform and its popularity among cybercriminals.

LabHost was set up in 2021 and law enforcement set its sights on the service in June 2022. Investigators uncovered more than 40,000 phishing domains, which had been used by 2,000 registered LabHost users. 

The cybercrime service has been used to steal nearly half a million payment card numbers and 64,000 PINs, as well as over one million passwords for websites and online services. Roughly 70,000 victims have been identified in the UK alone. 

LabHost has been used by cybercriminals from around the world, who paid a monthly subscription fee ranging between $179 and $300 in exchange for phishing kits, infrastructure for hosting phishing pages, and functionality for directly engaging with victims. 

Advertisement. Scroll to continue reading.

“Depending on the subscription, criminals were provided an escalating scope of targets from financial institutions, postal delivery services and telecommunication services providers, among others. Labhost offered a menu of over 170 fake websites providing convincing phishing pages for its users to choose from,” Europol explained. 

It added, “What made LabHost particularly destructive was its integrated campaign management tool named LabRat. This feature allowed cybercriminals deploying the attacks to monitor and control those attacks in real time. LabRat was designed to capture two-factor authentication codes and credentials, allowing the criminals to bypass enhanced security measures.”

The UK’s Metropolitan Police said LabHost’s operators received more than $1.1 million from customers since its creation. 

Details on LabHost are also provided by Trend Micro, which offered technical assistance to law enforcement agencies. 

Related: German Authorities Take Down ‘Crimemarket’ Cybercrime Website

Related: Warzone RAT Shut Down by Law Enforcement, Two Arrested

Related: Authorities Shut Down RagnarLocker Ransomware Infrastructure

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

OT zero trust access and control company Dispel has appointed Dean Macris as its CISO.

Cloud identity and security solutions firm Saviynt has hired former Gartner Analyst Henrique Teixeira as Senior Vice President of Strategy.

PR and marketing firm FleishmanHillard named Scott Radcliffe as the agency's global director of cybersecurity.

More People On The Move

Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.