Dark Partners Hackers Group Wiping Crypto Wallets With Fake Ai Tools and VPN Services

A sophisticated cybercrime group dubbed “Dark Partners” has emerged as a significant threat to cryptocurrency users worldwide, orchestrating large-scale theft campaigns through an extensive network of fake websites impersonating AI tools, VPN services, and popular software brands. Active since at least May 2025, this financially motivated group has deployed a complex infrastructure spanning over 250 malicious domains, targeting victims across the United States, European Union, Russia, Canada, and Australia through carefully craftedsocial engineeringtactics. The group’s operations center on distributing two primary malware families: Poseidon Stealer targeting macOS systems and PayDay Loader designed for Windows environments. These sophisticated tools enable the theft ofcryptocurrency wallets, credentials, and sensitive data, which are subsequently monetized through cybercriminal markets. The attackers have demonstrated remarkable scalability, impersonating at least 37 popular applicatio...