Thursday, July 17, 2025

Dark Partners: Hacker Group Exploits Fake AI Tools and VPNs to Empty Crypto Wallets

Dark Partners, a financially motivated cybercrime group, has orchestrated extensive cryptocurrency thefts since May 2025. Utilizing over 250 malicious domains posing as AI tools, VPN services, and software brands, they employ SEO poisoning and social engineering tactics to distribute malware like Poseidon Stealer on macOS and PayDay Loader on Windows. These malicious tools exfiltrate sensitive data, mainly targeting sectors such as cryptocurrency and financial services.

Their sophisticated operations involve the use of stolen code signing certificates to circumvent endpoint detection systems and dynamic malware management through the PayDay Panel. Despite a temporary setback in July due to certificate revocations, they’re expected to rebound by enhancing their evasion techniques.

To combat Dark Partners, organizations should implement advanced EDR solutions, enforce strict certificate protocols, and conduct user awareness training against phishing risks. Ongoing monitoring for anomalous activities remains vital to safeguard against this evolving global threat to digital asset security.
