New Threat Actor 'Jinx-0164' Targets Crypto Firms with Custom macOS Malware
A new threat actor known as JINX-0164 has been identified, targeting cryptocurrency developers with custom macOS malware. This group employs sophisticated social engineering tactics to trick victims into downloading malicious software disguised as legitimate applications. Their ultimate goal is to steal digital assets by compromising developer machines and CI/CD pipelines.
- ▪JINX-0164 specializes in targeting developers at cryptocurrency firms with custom macOS malware.
- ▪The group uses social engineering tactics on platforms like LinkedIn to lure victims into downloading malicious files.
- ▪Their malware, AUDIOFIX, is a Python-based infostealer and Remote Access Trojan designed to steal digital assets.
Opening excerpt (first ~120 words) tap to expand
Executive Summary Security researchers at Wiz have identified a new, financially motivated threat actor, dubbed JINX-0164, that specializes in targeting developers at cryptocurrency firms with custom macOS malware. Active since at least mid-2025, the group employs a multi-stage attack that begins with sophisticated social engineering on professional networks like LinkedIn. Victims are tricked into downloading what appears to be a meeting client, which instead deploys a custom Python-based infostealer and Remote Access Trojan (RAT) named AUDIOFIX. JINX-0164 has also demonstrated supply chain attack capabilities, previously distributing a Go-based backdoor called MiniRAT through a malicious version of a legitimate npm package.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at CyberNetSec.io.
Discussion
0 commentsMore from CyberNetSec.io
