RST TI Report Digest: 01 Jun 2026

Wiz CIRT identifies JINX-0164, a sophisticated actor active since at least mid-2025 targeting the cryptocurrency industry’s software development infrastructure via LinkedIn social engineering and fake virtual meetings that redirect to malicious conferencing domains; the actor deploys macOS RAT AUDIOFIX (credential and secret theft), a secondary backdoor MINIRAT, and conducts supply-chain-style abuse including malicious npm package modifications, with encrypted C2, fallback domains, and extensive IOCs provided (IP, numerous domains, URLs, and multiple SHA256 hashes).