Header image

Police Disrupt LabHost Phishing Service

UK police takedown Phishing as a Service provider which affected thousands of UK victims.


UK police have taken down the Phishing-as-a-Service (PhaaS) provider LabHost.

Metropolitan Police said LabHost - also known as LabRat - was used by more than 2,000 criminal users to create more than 40,000 fraudulent sites, impacting hundreds of thousands of victims worldwide.

The phishing websites were designed to trick victims into revealing personal information such as email addresses, passwords, and bank details.

Just under 70,000 individual UK victims have entered their details into one of LabHost’s fraudulent sites, with the service collecting 480,000 card numbers, 64,000 PIN numbers, and more than one million passwords used for websites and other online services.

As of today, police detectives have contacted up to 25,000 victims in the UK to tell them their data has been compromised.

What is LabHost?

Since its creation, LabHost received just under £1 million ($1,173,000) in payments from criminal users, many of whom Met cyber-crime detectives were able to identify.

A PhaaS outsources the task of having to develop and host phishing pages for a target organization, plus having to develop methods to extract stolen details, substantially dropping the barrier for entry to phishing, according to information from Trend Micro.

Users were able to use three stages of membership: 

Standard (US$179 per month). This offered dozens of pages targeting Canadian institutions and hosted of a maximum of three active phishing pages at the same time.

Premium (US$249 per month). In addition to all the features of the Standard tier, Premium offered dozens of pages targeting US institutions and increased the size of its active phishing pages to 20.

World Membership (US$300 per month). The highest tier offered over 70 phishing pages targeting international organizations and added 10 hosted phishing pages (separate to Premium or Standard licenses).


The Met Police said that shortly after the platform was disrupted, 800 users received a message identifying them and informing them that their actions are being monitored. “Many of these individuals will remain the focus of investigation over the coming weeks and months,” the Met Police statement read.

The Met’s Cyber Crime Unit joined forces with the National Crime Agency, City of London Police, Europol, Regional Organised Crime Units across the country and other international police forces - as well as partners including Chainalysis, Intel 471, Microsoft, The Shadowserver Foundation and Trend Micro - to take action and bring down the platform. The takedown has seen 37 arrests across the UK.

Robert McArdle, director of Trend Micro’s Forward Threat Research Team, said: “LabHost's takedown confirms the importance of collaborative efforts in combating cybercrime. We are proud to have contributed to the investigation, aiding in the identification of infrastructure and profiling key users involved in this illicit operation.

“This successful operation is a testament to the power of partnerships between law enforcement and cybersecurity firms in safeguarding online security.”



Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a seasoned B2B journalist with over 20 years of experience, specializing in cybersecurity for the past 15 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes. Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

No events found.