A global network of fake download sites operated by the "Dark Partner" threat actors distributes the Poseidon and Lumma infostealers to steal cryptocurrency and other sensitive data. Law enforcement actions have disrupted parts of this operation, but the threat remains active across multiple platforms. #DarkPartner #PoseidonStealer
Key points
- The "Dark Partner" group operates fake sites impersonating popular applications to deliver malware payloads.
- Poseidon Stealer targets macOS browsers and wallets, while Lumma Stealer targets Windows systems.
- The malware is signed with compromised code-signing certificates, which lends it a false appearance of legitimacy.
- The campaign uses advanced evasion techniques, including anti-sandbox modules and multi-stage persistence methods.
- Multiple domains and indicators of compromise have been identified, but recent disruptions have slowed their activities.