LabHost Employs Phishing-as-a-Service to Steal banking Credentials

LabHost group has been discovered to be targeting Canadian Banks with Phishing-as-a-service attacks. Phishing-as-a-service (PhaaS) groups have been on the rise due to multiple tools capable of multiple features, such as access to an array of stolen industry branding, monitoring tools, security bypass abilities, and much more.

Between 2022 and 2023, phishing-as-a-service was adopted in several malicious activities, and Frappo was the leader of this phishing-as-a-service. However, Frappo had a downfall after the first half of 2022 when platform users reported that their phishing pages were blocked and mitigated sooner. 

Following this, Frappo stated that there will be an improved version of their platform soon, which is yet to be publicly released.

Moreover, several phishing campaigns had similarities to the Frappo campaigns with only minor changes. However, some similarities were not attributed to Frappo but to a different PhaaS platform that pointed the light towards LabHost.

Document
Live Account Takeover Attack Simulation

How do Hackers Bypass 2FA?

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks .

LabHost Threat History

According to the reports shared with Cyber Security News, LabHost began operating publicly in the last quarter of 2021, just short of when Frappo began to charge its customers. LabHost was initially expensive compared to Frappo. 

Their original multi-branded phishing kit had full multi-factor authentication phishing for specifically three Canadian banks. More banks were added to the kit in June 2022.

After the recent release of the Canadian interbank network kit, there was a high spike in phishing campaigns through spring and Summer until October, when there was a major outage in LabHost services. As for LabHost phishing kits, there were two separate subscription packages. 

One of them was a North American membership covering US and Canadian brands and an international membership consisting of various global brands (excluding the NA brands). However, the Canadian interbank network kits were the most used, targeting Canadian banks, regional telecom providers, and postal delivery services.  

LabRat and LabSend

All of the LabHost phishing kits work with a real-time campaign management tool called “LabRat, ” which allows users to control and monitor their active attacks. LabSend is a new SMS lure and campaign manager released in December. 

LabSend provides a new, complex, automated method for sending links to LabHost phishing pages. Once an SMS lure is sent, LabSend will auto-reply with victims’ responses using customizable message templates.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.