The Federal Bureau of Investigation (FBI) has revealed the existence of 42,000 phishing domains associated with the notorious LabHost phishing-as-a-service (PhaaS) platform.
This operation, which spanned from November 2021 through April 2024, was recently disabled by law enforcement and had enabled cybercriminals to target millions of victims worldwide.
LabHost: A Major Player in Cybercrime
LabHost, at its height, was one of the largest PhaaS providers with nearly 10,000 users.
.png
)
The service allowed cybercriminals to impersonate over 200 legitimate organizations-including banks, streaming platforms, government agencies, and postal services elaborate schemes to steal personal data and financial information from unsuspecting individuals.
For a fee, LabHost customers had access to sophisticated phishing services: customized and bespoke phishing websites, infrastructure support, smishing (SMS phishing) services, and even adversary-in-the-middle proxy connections designed to intercept two-factor authentication (2FA) codes.
Once a victim submitted information to a LabHost phishing site, the details-ranging from login credentials to credit card numbers-were harvested and delivered directly to the attacker.
According to the FBI, LabHost’s infrastructure stored over one million credentials and nearly half a million compromised credit cards, fueling financial theft, fraud, and money laundering on a staggering scale.
The 42,000 phishing domains uncovered by authorities represent only part of the platform’s extensive reach, with investigators estimating that more than one million individuals across the globe may have fallen victim to these attacks.
The FBI obtained the list of domains and their creation dates from LabHost’s backend servers during the coordinated law enforcement action.
The findings, released in a public FLASH alert, aim to maximize awareness among cybersecurity professionals and network defenders, offering valuable indicators of compromise (IOCs) to bolster corporate and governmental defenses.
Recognizing that many of these domains may no longer be active or inherently malicious, the FBI advises that historical research linking any user or system to these domains should trigger immediate investigation and incident response.
The FBI urges organizations to review network logs for connections to the listed domains, to consider domain blacklisting, and to remain alert for residual threats.
Suspicious activity or indicators of compromise should be reported to local FBI field offices. The Bureau emphasizes that continued collaboration with industry partners and the public is crucial to preventing future cyberattacks.
This operation underscores the evolving threats posed by commercialized cybercrime platforms.
The FBI’s action demonstrates the agency’s commitment to disrupting criminal infrastructure and protecting both organizations and individuals in an increasingly digital world.
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!
 platform.){kind=link}