Phishing-as-a-Service Threatens Canada’s Banks

LabHost has emerged as a pivotal tool for cybercriminals in their assaults on North American banks, particularly targeting financial institutions in Canada.

This Phishing-as-a-Service (PHaaS) platform provides malefactors with an array of tools for orchestrating phishing attacks, ranging from ready-made kits to infrastructure for hosting fraudulent pages and tools for creating email campaigns.

While LabHost’s existence is not news to the cybersecurity world, its popularity surged after specialized phishing kits aimed at Canadian banks were introduced in the first half of 2023. The research organization Fortra notes that since then, LabHost has ascended to prominence, surpassing other PHaaS platforms, including the phishing service Frappo, and now accounts for the majority of attacks on Canadian bank clients.

In October 2023, LabHost experienced a significant disruption but swiftly recovered and resumed its activity, conducting hundreds of attacks each month. LabHost offers its users three subscription plans: a standard plan at $179 per month, a premium plan at $249 per month, and a global plan at $300 per month, each tailored to different geographic regions and target institutions, including U.S. banks and 70 institutions worldwide.

Furthermore, LabHost enables cybercriminals to bypass two-factor authentication (2FA) using the LabRat tool, which lets them manage and monitor phishing attacks in real time.

LabHost also offers the LabSend tool for sending SMS spam, which automates smishing campaigns by dispatching messages with links to phishing pages and automatically responding to victims’ messages.

The proliferation of such PHaaS platforms makes cybercrime more accessible to a broader audience, including novice hackers, thereby significantly escalating the cybersecurity threat on a global scale. Other notable platforms raising concerns among researchers include Caffeine and Robin Banks, which offer advanced capabilities for bypassing multifactor authentication and customizable phishing kits.