Categories: Cyber Security News

Dark Partners Hackers Group Wiping Crypto Wallets With Fake AI Tools and VPN Services

A sophisticated cybercrime group dubbed “Dark Partners” has emerged as a significant threat to cryptocurrency users worldwide, orchestrating large-scale theft campaigns through an extensive network of fake websites impersonating AI tools, VPN services, and popular software brands.

Active since at least May 2025, this financially motivated group has deployed a complex infrastructure spanning over 250 malicious domains, targeting victims across the United States, European Union, Russia, Canada, and Australia through carefully crafted social engineering tactics.

The group’s operations center on distributing two primary malware families: Poseidon Stealer targeting macOS systems and PayDay Loader designed for Windows environments.

These sophisticated tools enable the theft of cryptocurrency wallets, credentials, and sensitive data, which are subsequently monetized through cybercriminal markets.

The attackers have demonstrated remarkable scalability, impersonating at least 37 popular applications and services, including crypto platforms, VPN services, and widely used software brands.

AlphaHunt analysts identified the group’s sophisticated evasion techniques, which include the use of stolen code signing certificates and advanced anti-sandboxing measures to avoid detection by security systems.

The cybercriminals employ SEO poisoning strategies to manipulate search engine results, directing victims to malicious websites that closely mimic legitimate software download pages.

This approach has proven particularly effective in targeting sectors rich in digital assets, including cryptocurrency and blockchain companies, technology firms, and financial services organizations.

Advanced Persistence and Evasion Mechanisms

The technical sophistication of Dark Partners’ malware lies in its multi-layered persistence mechanisms and detection evasion capabilities.


On macOS systems, Poseidon Stealer establishes persistence through launch agents and scheduled tasks, creating multiple pathways for maintaining access to compromised systems.

The malware leverages macOS-specific features to embed itself deeply within the operating system’s startup processes, ensuring continued operation even after system reboots.
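Launch-agent persistence of the kind described above is something a defender can audit directly. The following is an added example, not code from the article or from AlphaHunt: it parses LaunchAgent property lists with Python's plistlib and flags the traits that commonly separate a dropped persistence entry from a vendor's own agent (an Apple-style label whose program sits outside Apple system paths, a program under a temp or hidden dot-directory, an interpreter running an inline `-c` script, and RunAtLoad combined with KeepAlive). The heuristics, the path prefixes and the three sample plists are constructed for illustration and are not drawn from Poseidon Stealer samples.

```python
"""Audit macOS LaunchAgent plists for traits typical of dropped persistence entries.

Added example: heuristics and sample plists are constructed for illustration and
are not taken from the article or from any real malware sample.
"""
import plistlib
import re
from pathlib import Path
from typing import Dict, List

# Interpreters that, given "-c", execute whatever script text follows them.
INTERPRETERS = {"/bin/sh", "/bin/bash", "/bin/zsh", "/usr/bin/osascript", "/usr/bin/python3"}
# Where Apple's own launch agents normally point (assumed allow-list, not exhaustive).
APPLE_PREFIXES = ("/System/", "/usr/", "/Library/Apple/")
# Scratch or shared locations a vendor agent should never run from.
TEMP_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/private/var/tmp/", "/Users/Shared/")

# Constructed samples: an Apple-looking label hiding a dot-directory payload,
# a benign vendor helper, and a benign agent that merely uses an inline shell command.
SAMPLE_PLISTS: Dict[str, bytes] = {
    "com.apple.softwareupdate.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.apple.softwareupdate</string>
  <key>ProgramArguments</key>
  <array><string>/bin/sh</string><string>-c</string>
         <string>/Users/alice/.cache/.update &amp;</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>""",
    "com.example.editor.helper.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.editor.helper</string>
  <key>ProgramArguments</key>
  <array><string>/Applications/Editor.app/Contents/MacOS/helper</string>
         <string>--background</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>""",
    "com.example.sync.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.sync</string>
  <key>ProgramArguments</key>
  <array><string>/bin/bash</string><string>-c</string>
         <string>/usr/local/bin/sync-tool --daemon</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>""",
}

_PATH_RE = re.compile(r"""/[^\s;&|'"]+""")  # absolute paths inside a script string


def _tokens(plist: dict) -> List[str]:
    """Executable plus arguments, honouring both Program and ProgramArguments."""
    tokens = [str(plist["Program"])] if "Program" in plist else []
    tokens.extend(str(a) for a in plist.get("ProgramArguments", []))
    return tokens


def _effective_paths(tokens: List[str]) -> List[str]:
    """Paths that actually execute: for `sh -c '...'` look inside the script text."""
    if tokens and tokens[0] in INTERPRETERS and "-c" in tokens:
        idx = tokens.index("-c") + 1
        return _PATH_RE.findall(tokens[idx]) if idx < len(tokens) else []
    return tokens[:1]


def audit_launch_agent(data: bytes) -> List[str]:
    """Return human-readable findings for one plist; an empty list means nothing flagged."""
    try:
        plist = plistlib.loads(data)
    except Exception as exc:  # a malformed plist in LaunchAgents is itself worth a look
        return [f"unparseable plist: {exc}"]
    label = str(plist.get("Label", ""))
    tokens = _tokens(plist)
    paths = _effective_paths(tokens)
    findings: List[str] = []

    if label.startswith("com.apple.") and not any(p.startswith(APPLE_PREFIXES) for p in paths):
        findings.append("Apple-style label but program is outside Apple system paths")
    for p in paths:
        hidden = any(part.startswith(".") for part in p.split("/")[1:])
        if p.startswith(TEMP_PREFIXES) or hidden:
            findings.append(f"program in temp/hidden location: {p}")
    if tokens and tokens[0] in INTERPRETERS and "-c" in tokens:
        findings.append(f"inline script passed to {tokens[0]} -c")
    # Respawn-on-kill only escalates an entry that is already suspicious.
    if findings and plist.get("RunAtLoad") and plist.get("KeepAlive"):
        findings.append("RunAtLoad + KeepAlive: starts at login and respawns when killed")
    return findings


def audit_all(plists: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Audit a name -> plist-bytes mapping (used here on the constructed samples)."""
    return {name: audit_launch_agent(data) for name, data in plists.items()}


def audit_directory(directory: str) -> Dict[str, List[str]]:
    """Run the same checks over a real folder, e.g. ~/Library/LaunchAgents."""
    folder = Path(directory).expanduser()
    return {p.name: audit_launch_agent(p.read_bytes()) for p in folder.glob("*.plist")}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_PLISTS).items():
        print(f"{name}: {findings or 'clean'}")
```

On a real host, `audit_directory("~/Library/LaunchAgents")` and `audit_directory("/Library/LaunchAgents")` cover the per-user and system-wide agent folders; the scheduled-task side of the persistence mentioned above (launch daemons, cron, periodic jobs) would need the same treatment with its own paths and keys, which this example does not attempt.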

For Windows environments, PayDay Loader employs PowerShell scripts and virtual hard disks as persistence mechanisms, utilizing legitimate system tools to maintain stealth.

The malware’s modular architecture is managed through the PayDay Panel, a centralized command-and-control platform that enables rapid adaptation and scalable operations across the group’s global infrastructure.

This sophisticated management system allows operators to deploy new payloads, update evasion techniques, and coordinate multi-platform attacks with unprecedented efficiency, making Dark Partners one of the most technically advanced cryptocurrency theft operations observed in 2025.
