Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Filter by Categories

UK Law Enforcement Closed LabHost, a Phishing Service Provider

Executive Summary

On Thursday, April 18, 2024, the Metropolitan Police Service of the UK carried out a coordinated operation that closed LabHost. LabHost was a Phishing-as-a-Service (PhaaS) provider. Other domestic and international law enforcement agencies and various reliable private sector partners assisted in the take down. The operation was carefully synchronized with several significant arrests.

About LabHost and its Services

Emerging in late 2021 as LabHost (previously known as LabRat), this Phishing service platform expanded quickly. It eventually providing numerous phishing pages aimed at banks and prominent organisations. It affected various service providers globally, particularly in Canada, the US, and the UK. By the time of its shutdown, LabHost had attracted over 2,000 criminal users. They had launched more than 40,000 fraudulent websites, affecting hundreds of thousands of victims worldwide.

Softwares such as this one enable cyber criminals to delegate development and hosting of phishing pages.

These are some of their services, across a 3 – tier membership options and subscriptions.

  • LabRat tool: obtaining two-factor authentication (2FA) codes
  • Phishing pages for banks (US, CA and International)
  • Phishing pages for Spotify, DHL, An Post (the Irish Post Office), car tolls services
  • Phishing templates that can request standard name and address information, email, dates of birth, standard security question answers, card numbers, passwords, and PINs.
  • Campaign success statistics calculator
  • Stolen credentials management
  • SMS Smishing component that distributes phishing pages
Law Enforcement’s Action

The Metropolitan Police Service took action against LabHost and its associated fraudulent websites, replacing them with seizure notifications. This operation was conducted in collaboration with the UK’s National Crime Agency, the City of London Police, Europol, Regional Organised Crime Units (ROCUs) across the UK, and various international police forces, alongside trusted private sector partners.

Leading up to the close of LabHost, from April 14 to April 17, international law enforcement agencies conducted multiple arrests targeting users of the service. Additionally, they reached out to hundreds of other individuals and informed them that they were aware of the llicit activities and issued warnings of ongoing investigations related to the phishing service provider.

The press release highlights the significant scale of the operation, including the substantial revenue the phishing service provider generated over roughly two and a half years. It contained the multitude of fraudulent domains created, and the extensive volume of credentials stolen.

Closing Comments

The expectation is that the dismantling of LabHost and the arrest of several key perpetrators will markedly disrupt similar phishing fraud schemes in the future.

This endeavour, along with similar Law Enforcement’s efforts in 2024, are all part of the bigger battle for safer lives at the interconnectedness of public, private and digital.



Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.