New Threat Actor Targets Crypto Firms’ Development Infrastructure

Researchers at Wiz identified JINX-0164, a financially motivated threat actor active since at least mid-2025, which conducts highly targeted LinkedIn-based social engineering against developers at cryptocurrency firms to deliver custom macOS malware; the actors harvest credentials, pivot from developer machines into source code, CI/CD pipelines, and cloud environments, and have executed at least one software supply-chain compromise.