An international law enforcement task force has disrupted LabHost, a platform used by hackers to launch phishing campaigns.

The takedown operation, which was revealed today, also saw officials arrest 37 individuals who are suspected of being involved in the phishing scheme. One of the apprehended individuals is believed to be LabHost’s original developer.

LabHost was a so-called phishing-as-a-service platform. Hackers used it to send emails that tricked victims into sharing credit card information and other personal data. According to law enforcement officials, the phishing emails were paired with malicious websites designed to give the impression they were operated by a legitimate company.

LabHost offered subscription-based phishing kits that carried an average monthly fee of $249. The hackers who purchased them received access to tools for creating and distributing malicious emails, as well as downloadable website templates. LabHost sold more than 170 templates designed to mimic the websites of internet providers, delivery companies and other organizations.

The most advanced hacking tool the platform offered is a piece of software known as LabRat. According to law enforcement officials, the tool allowed cybercriminals to steal victims’ two-factor authentication tokens. LabRat also provided features for exfiltrating other types of sensitive data.

According to BleepingComputer, authorities launched the effort to take down LabHost about a year ago. The Europol-led operation included the participation of police forces from 19 countries as well as Microsoft Corp., Intel Corp. and other private sector organizations.

“The investigation uncovered at least 40,000 phishing domains linked to LabHost, which had some 10,000 users worldwide,” Europol detailed. 

Besides disrupting LabHost’s infrastructure, authorities also arrested 37 individuals who are suspected of having been involved in the phishing operation. Four of those individuals were apprehended in the U.K., including a person who is believed to be the platform’s original developer. In conjunction, officials notified 800 of LabHost’s suspected users that they are under investigation.

Law enforcement officials used the information gleaned during the takedown to map out the scope of the phishing scheme. According to Europol, LabHost’s operators generated $1,173,000 from phishing kit subscriptions since launching the platform in 2021. Those kits’ users stole 480,000 credit card numbers, 64,000 PINs and 1 million passwords.

LabHost is the latest in a string of hacking platforms to have been disrupted by law enforcement officials. Earlier this year, authorities arrested two members of the LockBit ransomware-as-a-service gang and disrupted its infrastructure. Last December, an FBI-led task force shut down several malicious websites used by another ransomware gang called ALPHV.

Image: TheDigitalArtist/Pixabay