Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure
ID: 8a51cbe1-e752-57e5-bcce-2c96dcc5fa2f
STIX ID: report--8a51cbe1-e752-57e5-bcce-2c96dcc5fa2f
Feed Name: Wiz Blog
Wiz CIRT attributes a series of targeted intrusions against cryptocurrency organizations to a financially motivated actor cluster called JINX-0164. The actor used credible LinkedIn recruiter lures and fake conferencing/driver sites to deliver macOS payloads (AUDIOFIX, MINIRAT) via bash droppers, stole extensive developer and crypto credentials, moved laterally into CI/CD and code distribution systems, and conducted a supply-chain compromise of an npm SDK. The report provides technical analysis, IoCs (domains, hashes, file paths), and detection/response guidance.
