294/69 Friday, May 29, 2026

Researchers from Wiz have reported attacks carried out by a threat group tracked as JINX-0164, which targets cryptocurrency organizations. The group uses social engineering techniques through LinkedIn or impersonates recruiters and business partners to persuade victims to join online meetings. Victims are then directed to fake domains that imitate remote meeting services and are tricked into downloading malicious files for macOS.
When the victim runs the file, the system downloads macOS malware that Wiz refers to as AUDIOFIX. This malware is an infostealer and Remote Access Trojan (RAT) developed in Python. It is capable of stealing sensitive information, including data from password managers, macOS Keychain, browser credentials, SSH keys, configuration files, communication application sessions, and cryptocurrency wallet-related data. It can also execute remote commands and retrieve additional payloads from external servers.
The report further stated that JINX-0164 not only focuses on stealing data from users’ machines but also attempts to move laterally into development infrastructure, such as code distribution systems and CI/CD infrastructure. In some cases, the group modified source code or embedded payloads into repositories, causing other developers’ machines to become infected when they pulled and used the code. In addition, the group has previously been linked to a supply chain incident involving a malicious version of the npm package @velora-dex/sdk, which was modified to download additional MiniRAT malware.
Source: https://thehackernews.com/2026/05/jinx-0164-targets-cryptocurrency-firms.html
