A gang of hackers offers subscription offers to their hacking kits

LabHost, a Phishing-as-a-Service (PhaaS) platform, offers personalized phishing kits targeting Canadian banks. It has become the No. 1 phishing attack according to the report from Fortra, a cybersecurity company.

Phishing is a now well-known cybercrime technique that involves sending fraudulent emails or SMS messages to trick recipients into clicking on links or providing personal or banking information. These links lead to web pages that imitate the appearance of legitimate sites, but are in fact controlled by hackers and are very difficult for even the best antivirus programs to detect.

Phishing is a growing threat to the security of users and financial institutions, who may suffer financial losses, identity theft or reputational damage. According to the Canadian Anti-Fraud Center, phishing caused more than $34 million in damage to Canadians in 2022. LabHost is one of the leaders in this dark market and offers nothing more and nothing less than subscriptions to its phishing kits to anyone.

LabHost, a growing PhaaS provider

To carry out phishing campaigns, cybercriminals need several elements: phishing kits, which are sets of files used to create fraudulent web pages; an infrastructure to host these pages; content for writing emails or SMS messages; and a tool to manage and monitor attacks.

Some cybercriminals create these elements themselves, but others prefer to rent them from Phishing-as-a-Service (PhaaS) providers, which are platforms that offer these services for a monthly fee. PhaaS platforms make phishing more easily accessible to unskilled hackers, significantly expanding the number of threat actors and impacting cybersecurity on a larger scale.

LabHost is one such PhaaS provider, which specializes in targeting North American banks, particularly financial institutions from Canada. LabHost is not a new vendor, but its popularity skyrocketed after the introduction of custom phishing kits for Canadian banks in the first half of 2023.

LabHost has overtaken Frappo, the former PhaaS platform favored by cybercriminals, and become the main driver of most phishing attacks targeting bank customers, according to the report from Fortra, a cybersecurity firm that tracks cybercriminal activity. Canadians. Although LabHost suffered a disruptive outage in early October 2023, it has returned to a notable level of activity, counting several hundred attacks per month.

LabHost, a sophisticated phishing arsenal

LabHost offers three membership tiers: Standard ($179/month), Premium ($249/month), and World ($300/month). The first category is Canadian banks, the second is U.S. banks, and the third is 70 institutions from around the world, excluding North America. In addition to phishing kits for banks, the templates include phishing pages for online services like Spotify, postal delivery services like DHL, and regional telecommunications service providers.

Cybercriminals who purchase access to the LabHost panel have several installation options to quickly create custom attacks. They can choose the domain name, logo, design, content and language of the phishing pages. They can also set up redirects to legitimate sites or error pages in case the attack fails.

LabHost also has tools to bypass two-factor authentication (2FA) protection and send malicious SMS messages. “ All scam kits available from LabHost work with a real-time campaign management tool called LabRat. LabRat allows the phisher to control and monitor its active attacks “, explains Fortra, adding: “ This feature is exploited in man-in-the-middle attacks to obtain two-factor authentication codes, authenticate valid credentials, and bypass additional security controls “.

Additionally, when LabHost relaunched after the October disruption, it introduced a new SMS spam tool called LabSend, which embeds links to LabHost phishing pages in SMS messages. “ The LabSend tool can coordinate an automated phishing campaign across multiple SIDs, randomizing portions of text messages to avoid detection of cataloged malicious spam messages “, we can read in the Fortra report. “ After sending a lure via SMS, LabSend will automatically respond to victims’ responses using customizable message templates “.

LabHost, a threat to be taken seriously

LabHost poses a serious threat to the security of financial institutions and users in Canada, who are exposed to risks of financial loss, identity theft or damage to their reputation. Fortra recommends that users be wary of suspicious emails or text messages, verify the address and certificate of websites they visit, and never disclose their personal or banking information to unauthorized third parties.

Fortra also warns of other notable PhaaS platforms, such as Greatness and Robin Banks, which launched in mid-2022 and offer similar functionality to LabHost. These platforms show that phishing is a constantly evolving phenomenon, which requires increased vigilance and prevention from cybersecurity players.

Source: Bleeping Computer, Phishlab