Europols arrested 37 suspects in LabHost phishing agency bust, taking down its website

LabHost has made around $1,1 million since its formation, according to officials

Reading time icon 2 min. read

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Key notes

  • Europol arrests 37 suspects linked to LabHost, seizing its website.
  • Investigation reveals 40,000 phishing domains tied to LabHost, leading to searches across 19 countries.
  • LabHost offered illegal services for $249/month, with a campaign management tool enabling real-time control over attacks.

Europol, the European organization consisting of law enforcement agencies across the continent, has arrested 37 people over suspicions of their activities in LabHost. The phishing agency, which started its activity in 2021, also had its website seized. 

Europol has been on the phishing-as-a-service (PhaaS) organization’s tails since September 2023. As announced on Thursday, after finding 40,000 phishing domains linked to LabHost, lawmakers in 19 countries have searched over 70 addresses worldwide between April 14 and 17 this year. 

For a monthly fee of $249, LabHost offered customizable illegal services, including fake websites for various targets like banks and delivery services. Its campaign management tool, LabRat, allowed cybercriminals to monitor and control attacks in real time, even bypassing two-factor authentication. 

At least some 100,000 users were affected. Authorities in the UK also said that the organization has made around $1,1 million since its formation.

“An operational sprint was organized at its headquarters with all the countries involved so that the national investigators could identify and develop intelligence on the users and victims in their own countries,” the announcement reads.

Threats of phishing attacks have grown over the years, especially with the rise of AI technologies. 

Almost 2 in 5 phishing attacks by cybercriminals happened by posing as Microsoft’s websites or services, according to a recent survey. Next on the list are Google and LinkedIn by 11% each.