Europol arrested 37 people for their activities at LabHost. The phishing company, which started its activity in 2021, closed after 3 years of operation.
Europol has been hunting the phishing-as-a-service (PhaaS) organization since September 2023. As announced on Thursday, after finding 40.000 phishing domains linked to LabHost, authorities from 19 countries searched more than 70 addresses worldwide.
For a monthly fee of $249, LabHost offered illegal services such as fake websites for various targets such as banks and shipping services. The management tool, called LabRat, allowed criminals to monitor and control attacks in real time, even bypassing two-factor authentication.
At least around 100.000 users were affected by LabHost's malicious services. The authorities in the UK they said that the organization has earned about $1,1 million since its inception.
"An operational sprint was organized at its headquarters with all the countries involved, so that investigators from all countries could trace information about users and victims in their countries," the Europol statement said.
Threats of phishing attacks have increased over the past few years, especially with the rise of AI technologies.
Almost 2 out of 5 phishing attacks were carried out by posing as Microsoft websites or services; according to recent research. Next on the list are Google and LinkedIn with 11% each.