Europol takes down phishing service platform Labhost
Europol has successfully shut down Labhost, a major international platform where criminals could subscribe to phishing services.
(Bild: PeopleImages.com - Yuri A/Shutterstock.com)
After years of international cooperation, European law enforcement officials have dealt a significant blow to one of the world's largest phishing-as-a-service platforms by compromising the Labhost infrastructure.
(Bild: Europol)
European law enforcement officials announced that between 14 and 17 April, a total of 70 addresses worldwide were searched, resulting in the arrest of 37 suspects. Among those arrested were four individuals from the United Kingdom connected to the site's operation, including the original developer of the services.
Labhost platform shut down
The Labhost platform, which was openly available online rather than hidden on the dark web, was shut down during the operation. The Metropolitan Police in London led the operation with support from Europol's European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT). Law enforcement officers from 19 countries were also involved.
According to Europol, cybercrime-as-a-service has become a rapidly growing business model, with malicious actors renting or selling tools and services to other cybercriminals who use them to carry out attacks. While this model is well-known for ransomware, it is now expanding into other areas such as phishing. Labhost had established itself as a significant provider for criminals worldwide, offering phishing kits, website hosting infrastructure, interactive features for direct interaction with victims, and phishing campaign monitoring services for a monthly subscription fee.
The investigation uncovered more than 40,000 phishing domains linked to Labhost. They had several 10,000 users, Europol added. On average, the monthly fee was 249 US dollars for the illegal services, which could be customized and deployed with just a few mouse clicks. With tiered pricing, there were more targets to choose from financial institutions, postal services or telecommunications providers. In total, Labhost users could choose from more than 170 fake websites that delivered convincing phishing pages. The London Metropolitan Police adds that Labhost has generated around 1,173,000 US dollars in revenue since its creation. Globally, the criminal service has collected 480,000 credit card numbers, 64,000 PINs and more than one million passwords.
The Labrat campaign management tool not only allowed cybercriminals to launch and monitor attacks in real-time but also intercept two-factor authentication and credentials, enabling criminals to bypass advanced security measures.
Criminal service platforms enable unsuspecting people to commit online crimes
Platforms like Labhost make criminal online activities easily accessible to unskilled actors, expanding the pool of cybercriminals. Europol stated that the vast amount of data collected during the investigations is now in the possession of law enforcement and will be used to support ongoing international efforts to track down the platform's malicious users. Shortly after the platform was taken over, the Metropolitan Police sent a message to 800 users informing them that their identities and actions were known, including evidence of payments, page views, and accessed data records. As a result, many of these individuals will remain under investigation in the coming weeks and months.
Just last week, the BKA was also able to shut down a criminal online marketplace. It offered services that could be used to protect malware from being detected by antivirus software. In addition to such cryptors, "AegisTools-pw" also offered services that could be used to test the success of obfuscation against virus scanners.
(dmk)
