The Hacker News reported that a new threat actor, tracked as JINX-0164, has been targeting cryptocurrency organizations with sophisticated social engineering tactics and custom macOS malware to facilitate digital asset theft.The campaign, active since mid-2025, uses recruitment-themed social engineering to lure developers into downloading a Python-based infostealer and remote access trojan named AUDIOFIX. This malware steals credentials, SSH keys, and cryptocurrency wallet information, and enables lateral movement within victim networks. The threat actor also employs MiniRAT, a Go-based backdoor previously distributed via a compromised npm package.While some tactics resemble those of North Korean threat groups, no direct infrastructure overlap has been found. The attacks leverage fake recruitment offers and masquerade as teleconference providers or system drivers to trick victims into installing the malicious payloads. The ultimate goal appears to be the theft of cryptocurrencies and sensitive developer information.Source: The Hacker News
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




