JINX-0164 Targeting Cryptocurrency Development Infrastructure (Campaign)

Wiz Research observed an active, organized campaign targeting cryptocurrency development infrastructure and developer workflows using social engineering (fake business outreach and malicious meeting invitations), trojanized npm packages, and malware (AUDIODFX stealer and MINIRAT backdoor) to exfiltrate browser credentials, crypto wallets, cloud credentials, SSH keys, and CI/CD secrets; attackers also used stolen credentials to access GitHub repositories and attempted to overwrite GitHub Actions secrets while leveraging VPNs and residential proxies to obscure activity.