In a concerning development, the platform known as LabHost has been enabling cybercriminals to launch sophisticated phishing campaigns against banks in North America, with a particular focus on Canada.
This Phishing-as-a-Service (PhaaS) platform offers a comprehensive suite of tools, including ready-to-use phishing kits, hosting solutions, email template creation, and campaign tracking functionalities, all available via a subscription model.
The Surge of LabHost
Originally part of the cybercrime landscape, LabHost has seen a spike in its popularity following the introduction of specialized phishing kits aimed at Canadian banking institutions in the first half of 2023.
Monthly PhaaS activity (Source: Fortra)
Cybersecurity firm Fortra has been closely monitoring these developments and notes that LabHost has now surpassed Frappo, the previously favored PhaaS platform, becoming the main catalyst for phishing incidents targeting customers of Canadian banks.
Despite experiencing a significant service interruption in early October 2023, LabHost has quickly bounced back, orchestrating hundreds of phishing attacks each month.
Inside Look at LabHost’s Offerings
LabHost distinguishes itself with a tiered membership structure, including Standard ($179/month), Premium ($249/month), and World ($300/month) levels. The first targets Canadian banks, the second focuses on U.S. banks, and the third includes 70 global financial institutions.
LabHost’s monthly subscriptions (Source: Fortra)
The service’s phishing kits are not limited to banks; they also simulate platforms like Spotify, DHL, and various regional telecom providers, enabling cybercriminals to tailor their attacks. A key feature of LabHost is its integration with ‘LabRat,’ a dynamic phishing management tool that facilitates real-time oversight and manipulation of phishing attacks.
This capability is crucial for intercepting two-factor authentication codes and bypassing security measures, as detailed in Fortra’s report: “All scam kits available from LabHost work alongside a real-time campaign management tool named LabRat. LabRat allows the phisher to control and monitor their active attacks.”
Following its temporary shutdown in October, LabHost introduced ‘LabSend,’ an SMS-based spamming tool designed to distribute phishing links via text messages. This tool is engineered to launch widespread smishing campaigns, employing message variation techniques to avoid spam detection and even respond automatically to victims’ replies using pre-set templates.
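For defenders, the message variation described above can be countered by comparing texts after masking the parts that are cheap to vary. The following is an added example, not code from Fortra's report or from LabHost; the sample messages, function names, and the 0.5 threshold are constructed assumptions, since the page does not say which variation techniques LabSend uses.

```python
import re
from itertools import combinations

URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)

def normalize(msg):
    """Mask what a sender can vary cheaply: links, digits, case, punctuation."""
    msg = URL_RE.sub(" <url> ", msg.lower())
    msg = re.sub(r"\d+", " <num> ", msg)
    return re.sub(r"[^a-z<>\s]", " ", msg).split()

def shingles(tokens, k=2):
    """Set of overlapping k-word sequences from the normalized message."""
    return {tuple(tokens[i:i + k]) for i in range(max(1, len(tokens) - k + 1))}

def jaccard(a, b):
    return len(a & b) / len(a | b) if a | b else 0.0

def cluster(messages, threshold=0.5):
    """Group messages whose shingle sets overlap by at least `threshold`."""
    sets = [shingles(normalize(m)) for m in messages]
    parent = list(range(len(messages)))

    def find(i):  # union-find root lookup with path compression
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i, j in combinations(range(len(messages)), 2):
        if jaccard(sets[i], sets[j]) >= threshold:
            parent[find(j)] = find(i)
    groups = {}
    for i in range(len(messages)):
        groups.setdefault(find(i), []).append(i)
    return sorted(groups.values(), key=len, reverse=True)

# Constructed sample inbox: three variants of one lure plus two unrelated texts.
SAMPLE = [
    "ExampleBank alert: your card has been locked. Verify now at https://a.example/x1",
    "ExampleBank Alert - your card has been locked! Verify now at https://b.example/k9q",
    "ExampleBank alert: your card was locked. Verify now at https://c.example/77",
    "Hi, your parcel 48213 is ready for pickup at the front desk.",
    "Reminder: dentist appointment tomorrow at 10:30.",
]

if __name__ == "__main__":
    for group in cluster(SAMPLE):
        print(len(group), [SAMPLE[i][:40] for i in group])
```

A large cluster of near-identical texts pointing at different links is a stronger campaign signal than any single message matched against a blocklist.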
Final Word
The emergence and evolution of PhaaS platforms like LabHost significantly lower the barrier to entry for engaging in cybercrime, enabling even those with minimal technical skills to launch effective phishing attacks.
This democratization of cybercrime tools poses a substantial threat to the cybersecurity landscape, widening the pool of potential attackers and amplifying the challenges faced by individuals and organizations alike in safeguarding their digital assets.