
JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

ID: 23757af1-17b4-5fae-b3e1-0b918e6cf95c

STIX ID: report--23757af1-17b4-5fae-b3e1-0b918e6cf95c

Feed Name: The Hacker News

Threat Score: 82/100

Date Published: 2026-05-28

Date Updated: 2026-05-28

Author: The Hacker News


Wiz researchers attribute a campaign, active since mid-2025, to a previously undocumented threat actor dubbed JINX-0164. The actor targets cryptocurrency developers and organizations, using recruitment-themed social engineering and fake teleconference/driver domains to install custom macOS malware (a Python infostealer, AUDIOFIX RAT) and MiniRAT via a poisoned npm package. This enables credential theft, lateral movement into CI/CD and code distribution systems, source-code modification, and cryptocurrency theft.
