Dark Partners cybercrime gang fuels large-scale crypto heists
Published on: 2025-06-17 16:39:13
A sprawling network of fake AI, VPN, and crypto software download sites is being used by the "Dark Partner" threat actors to conduct crypto theft attacks worldwide.
Masquerading as popular apps, these cloned sites deliver the Poseidon (macOS) and Lumma (Windows) infostealers and malware loaders like Payday. This malware is used to steal cryptocurrency and sensitive data such as host information, credentials, private keys, or cookies, which are likely sold on the cybercriminal market.
On Windows, the threat actor used certificates from multiple companies to digitally sign malware builds, one of which was the PayDay Loader.
One infostealer delivered to these machines was Lumma Stealer, a malware operation that law enforcement disrupted earlier this month by seizing thousands of domains and part of its infrastructure.
On macOS, the threat actor delivered the Poseidon Stealer, which uses a custom DMG launcher, and targets Firefox and Chromium-based web browsers.
Targeting wallet fold