Threat Intelligence

New threat actor JINX-0164 targets crypto firms with macOS malware

Laptop screen showing malware warning sign with digital circuit background on desk in modern office environment with natural light and creative concept.

The Hacker News reported that a new threat actor, tracked as JINX-0164, has been targeting cryptocurrency organizations with sophisticated social engineering tactics and custom macOS malware to facilitate digital asset theft.

The campaign, active since mid-2025, uses recruitment-themed social engineering to lure developers into downloading a Python-based infostealer and remote access trojan named AUDIOFIX. This malware steals credentials, SSH keys, and cryptocurrency wallet information, and enables lateral movement within victim networks. The threat actor also employs MiniRAT, a Go-based backdoor previously distributed via a compromised npm package.

While some tactics resemble those of North Korean threat groups, no direct infrastructure overlap has been found. The attacks leverage fake recruitment offers and masquerade as teleconference providers or system drivers to trick victims into installing the malicious payloads. The ultimate goal appears to be the theft of cryptocurrencies and sensitive developer information.

Source: The Hacker News

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds