JINX-0164 Uses LinkedIn Lures to Deploy Custom macOS Malware
ID: b738fecc-c808-5013-a0f2-57e50594ba9e
STIX ID: report--b738fecc-c808-5013-a0f2-57e50594ba9e
Feed Name: GBHackers
A security report on JINX-0164 describes a financially motivated campaign that targets developers at cryptocurrency organizations via convincing LinkedIn lures that lead to malicious domains impersonating collaboration platforms; victims are tricked into installing macOS malware (AUDIOFIX) and droppers that harvest credentials, SSH keys, cloud tokens, and wallet data. The actor abuses stolen GitHub and cloud tokens to access CI/CD pipelines, injects malicious code into repositories to propagate infections, and has conducted an npm package supply-chain compromise to deliver a secondary backdoor (MINIRAT); the report includes numerous IOCs (file hashes, domains, and defanged IPs).
