Group-IB takes part in a global operation to cripple Canadian Phishing-as-a-Service provider LabHost

SINGAPORE, April 18, 2024 /PRNewswire/ — Group-IB, a leading cybersecurity company aimed at investigating, preventing, and fight digital crime announced today that it participated in a coordinated global takedown operation against prominent Canadian Phishing-as-a-Service (PhaaS) provider LabHost, which has led to the arrest of 37 suspects across the United Kingdom and around the world by law enforcement agencies. As part of the operation, Group-IB also conducted an extensive analysis of LabHost’s criminal history and infrastructure, including insights into LabHost’s administrative platform and the services it provides to its purported user base which exceeds 2,000 subscribers worldwide, who illegally obtained around 480,000 card numbers, 64,000 pin numbers, and over 1 million passwords from victims used for websites and other online services, according to law enforcement agencies.

“By leveraging our Threat Intelligence and Digital Risk Protection, we are able to identify and monitor phishing attacks and websites like those deployed by LabHost and its subscribers around the world, enabling us to actively alert and protect our customers, and in turn, their customers as well,” said Dmitry Volkov, Chief Executive Officer of Group-IB. “Today’s takedown operation demonstrates the agility and responsiveness of our decentralized Digital Crime Resistance Centers, and how quickly we can provide immediate and local assistance wherever our customers may be.”

(Above) The “membership plans” that target LabHost offers as part of its turn-key services.

First uncovered in late 2021, LabHost emerged as a fully automated Phishing-as-a-Service (PhaaS) platform, streamlining the creation of phishing websites meticulously mirroring the interface and functionality of prominent banking, postal, and financial entities, aimed at intercepting, seizing, and profiting from users’ personal, credit card, and online banking credentials. Users are prompted to select from various “membership plans,” tailored to target businesses and individuals in either the United States and Canada, or globally, akin to mobile subscription models. These plans encompass “standard,” “premium,” and “world membership” tiers, priced between US$179 and US$300 monthly, with options for monthly, quarterly, or annual billing cycles.

Screenshots of the “LabRat” console which enables cybercriminals to monitor its victims in real time and generate prompts that would direct their victims to provide sensitive information including two-factor authentication codes and other financial and personal details.


For media inquiries, please contact [email protected]