FBI Unveils 42,000 Phishing Domains Tied to LabHost PhaaS Platform

The Federal Bureau of Investigation (FBI) has released a list of 42,000 phishing domains associated with the now-shut-down LabHost phishing-as-a-service (PhaaS) platform, in an effort to raise awareness and aid threat detection. The domain list, which the FBI obtained from the platform's backend server, provides a glimpse into the malicious activities carried out by cybercriminals using LabHost's services.

LabHost, one of the world's largest phishing-as-a-service (PhaaS) providers, was shut down in April 2024 as part of an international law enforcement operation codenamed Nebulae. The operation, coordinated by Europol and involving law enforcement from 19 countries, resulted in the arrest of 37 individuals and the disruption of the platform's operations.

The FBI's release of the domain list is aimed at maximizing awareness and providing indicators of compromise that can be used by recipients for research and defense. The domains, which were active between November 2021 and April 2024, are linked to LabHost's phishing-as-a-service offerings, including pre-designed phishing templates, email or text message sending capabilities, website hosting services, and campaign management tools.

LabHost stored over 1 million credentials and 500,000 credit cards, facilitating financial theft, fraud, and money laundering by its users. The platform was a subscription-based service, with subscribers paying an average monthly fee of $249. Subscribers could choose from over 170 convincing fake websites and deploy them with ease.

A key feature of LabHost was its integrated campaign management tool named LabRat, which allowed cybercriminals to monitor and control phishing attacks in real time. This feature captured two-factor authentication codes and credentials, enabling criminals to bypass enhanced security measures.

Europol announced that the investigation conducted by law enforcement revealed approximately 40,000 phishing domains associated with LabHost, which reached 10,000 users worldwide. The FBI has not validated every domain name, and the list may contain typographical or similar errors from LabHost user input.

What You Can Do

The FBI urges organizations to review the 42,000+ domains for signs of compromise, take mitigation steps, and report suspicious activity. By doing so, individuals can help prevent future malicious use of these phishing domains and support phishing analysis and model training.
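One way to carry out that review, as an added example that is not code from the FBI or from this article: because the list has not been validated and may contain entry errors, the script cleans each entry, sets unusable ones aside for manual review, and matches DNS query names by exact domain or subdomain rather than by substring. The log format (timestamp, client, queried name) and the reserved .example names are constructed assumptions.

```python
import re

_HOST_RE = re.compile(r"^(?:(?!-)[a-z0-9-]{1,63}(?<!-)\.)+[a-z][a-z0-9-]{0,61}[a-z0-9]$")

def normalize(entry):
    """Reduce a list entry or queried name to a bare lowercase hostname, or None."""
    host = entry.strip().lower()
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", host)   # pasted URL: drop scheme
    host = re.split(r"[/?#]", host, maxsplit=1)[0]      # drop path, query, fragment
    host = host.rsplit("@", 1)[-1].split(":", 1)[0]     # drop userinfo and port
    host = host.strip(".")                              # drop stray or root dots
    return host if len(host) <= 253 and _HOST_RE.match(host) else None

def load_indicators(lines):
    """Split raw list lines into (usable hostnames, rejected entries for review)."""
    good, rejected = set(), []
    for line in lines:
        host = normalize(line)
        if host:
            good.add(host)
        elif line.strip():
            rejected.append(line.strip())
    return good, rejected

def match_host(queried, indicators):
    """Return the listed domain that `queried` equals or is a subdomain of."""
    labels = (normalize(queried) or "").split(".")
    for i in range(len(labels) - 1):                    # stop before the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None

def scan_dns_log(log_lines, indicators):
    """Return hits from lines in the assumed format '<timestamp> <client> <qname>'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) >= 3 and (matched := match_host(parts[2], indicators)):
            hits.append((parts[0], parts[1], parts[2], matched))
    return hits

# Constructed sample data: reserved .example names, not entries from the FBI list.
SAMPLE_LIST = ["login-portal.example", "HTTPS://Pay-Update.example/verify.php",
               "parcel-track.example.", "bad domain,example", "nodot", ""]
SAMPLE_LOG = ["2024-05-02T09:14:07Z 10.0.4.21 mail.login-portal.example",
              "2024-05-02T09:14:09Z 10.0.4.22 notlogin-portal.example",
              "2024-05-02T09:15:30Z 10.0.4.23 PAY-UPDATE.EXAMPLE.",
              "2024-05-02T09:16:02Z 10.0.4.21 intranet.corp.example"]
```

Rejected entries are returned rather than dropped so an analyst can correct obvious typos by hand before the next run.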


The LabHost Phishing-As-A-Service Platform

Cybercrime Tool: LabHost was a prominent tool for cybercriminals globally, offering a subscription-based service that facilitated phishing attacks.

Key Features: Pre-designed phishing templates, email or text message sending capabilities, website hosting services for phishing pages, and an integrated campaign management tool named LabRat.

User Base: LabHost reached 10,000 users worldwide, with subscribers paying an average monthly fee of $249 to use the platform's services.

The Impact of LabHost on Cybersecurity

The release of the 42,000 phishing domains tied to LabHost serves as a reminder of the importance of cybersecurity awareness and vigilance. The FBI's efforts aim to maximize awareness and provide indicators of compromise that can be used by recipients for research and defense.

By sharing this information, the FBI hopes to prevent future malicious use of these phishing domains and support phishing analysis and model training. Organizations are urged to review the list of domains for signs of compromise, take mitigation steps, and report suspicious activity.
