LabHost Cybercrime Service Facilitates Phishing Attacks on Banks

The Phishing as a Service (PhaaS) platform known as ‘LabHost’ has emerged as a significant threat to North American banks, particularly those in Canada, contributing to a notable increase in phishing activities.

PhaaS platforms like LabHost offer cybercriminals turnkey phishing kits, infrastructure for hosting phishing pages, email content generation, and campaign overview services in exchange for a monthly subscription fee. Although LabHost is not a new provider, its popularity soared after it introduced custom phishing kits targeting Canadian banks in the first half of 2023.

A cybersecurity firm monitoring cybercriminal activities, reports that LabHost has surpassed Frappo, the previous favorite PhaaS platform, and is now the primary source behind many phishing attacks aimed at Canadian bank customers.

Despite facing a disruptive outage in early October 2023, LabHost has resumed its operations, conducting several hundred attacks per month.

LabHost offers three membership tiers: Standard ($179/month), Premium ($249/month), and World ($300/month). The Standard tier focuses on Canadian banks, the Premium tier includes U.S. banks, and the World tier targets 70 institutions globally, excluding North America.

In addition to phishing kits for banks, LabHost provides templates for phishing pages targeting online services like Spotify, postal delivery services such as DHL, and regional telecommunication providers.

Cybercriminals who purchase access to the LabHost panel can choose from multiple installation options to quickly create custom attacks. One of LabHost’s features is ‘LabRat,’ a real-time phishing management tool that allows cybercriminals to monitor and control active phishing attacks, enabling them to steal two-factor authentication (2FA) codes from targeted accounts.

“All scam kits available from LabHost work alongside a real-time campaign management tool named LabRat. LabRat allows the phisher to control and monitor their active attacks,” explains the researcher.

“This functionality is leveraged in man-in-the-middle style attacks to obtain two-factor authentication codes, authenticate valid credentials, and bypass additional security checks.”

Moreover, following the October disruption, LabHost introduced a new SMS spamming tool called ‘LabSend,’ which includes links to LabHost phishing pages in SMS messages. “The LabSend tool can coordinate an automated smishing campaign across multiple SIDs, randomizing portions of text messages to evade detection of cataloged malicious spam messages,” reads the researcher’s report.

“After sending an SMS lure, LabSend will auto reply to victims’ responses using customizable message templates.”

Phishing-as-a-Service platforms like LabHost make cybercrime more accessible to unskilled hackers, significantly expanding the pool of threat actors and impacting cybersecurity on a broader scale. Researchers have also highlighted other notable PhaaS platforms, such as ‘Greatness’ and ‘Robin Banks,’ both launched in mid-2022, which offer features like MFA bypassing, custom phishing kits, and admin panels.

To defend against LabHost and similar phishing attacks, organizations should educate their employees about the dangers of phishing and how to identify suspicious emails. Implementing email filtering and security software can help detect and block phishing attempts. Regularly updating and patching software vulnerabilities, especially in internet-facing applications, can also prevent attackers from exploiting known weaknesses. Additionally, organizations should regularly review their security policies and procedures to ensure they are up to date with the latest threats and best practices.