JINX-0164 targets crypto firms with macOS malware

Summary Points

JINX-0164 targets cryptocurrency firms using sophisticated social engineering, including fake recruitment offers and masquerades as legitimate providers.
The group deploys custom macOS malware, notably AUDIOFIX, a Python-based infostealer and RAT, to steal credentials, SSH keys, and wallet info.
They also use MiniRAT, a Go-based backdoor distributed via compromised npm packages, to facilitate lateral movement and data theft within networks.

Threat, Attack Techniques, and Targets

The threat actor known as JINX-0164 started targeting cryptocurrency firms in mid-2025. They use social engineering tricks to deceive victims. They pretend to offer recruitment opportunities and often pose as teleconference providers or system drivers. These fake offers lure victims to download malicious files. The malware key to their attacks is a custom-made macOS malware called AUDIOFIX. It is a Python-based infostealer and remote access tool. AUDIOFIX steals login credentials, SSH keys, and cryptocurrency wallet details. The actor also uses MiniRAT, a backdoor built with Go, which is spread through a compromised npm package. Their targets mainly include crypto organizations and developers working in the digital asset space.

Impact, Security Implications, and Remediation Guidance

The attacks can lead to the theft of cryptocurrencies and sensitive developer data. Because AUDIOFIX can move laterally within networks, the threat could cause broader damage. The use of social engineering makes it easier for attackers to succeed. Organizations should be cautious about suspicious recruitment messages and fake offers. It is important to verify the source of any downloads or links. If a system is compromised, it could allow attackers to access confidential information. To stay protected, organizations should keep their security measures up to date. For detailed remediation steps, consult the guidance from the relevant vendor or authority.

Expand Your Tech Knowledge

Dive deeper into the world of Cryptocurrency and its impact on global finance.

Stay inspired by the vast knowledge available on Wikipedia.

ThreatIntel-V1

What's Hot

Tennessee Man Connected to 764 Child Crime Accusations Since 2022

JINX-0164 targets crypto firms with macOS malware

Ransomware Hijacks SYSTEM Tasks to Encrypt Local Drives Securely

JINX-0164 targets crypto firms with macOS malware

Tennessee Man Connected to 764 Child Crime Accusations Since 2022

Ransomware Hijacks SYSTEM Tasks to Encrypt Local Drives Securely

Attackers Exploit Marimo CVE-2026-39987 with LLM Agent

Tennessee Man Connected to 764 Child Crime Accusations Since 2022

Ransomware Hijacks SYSTEM Tasks to Encrypt Local Drives Securely

The Gentlemen Are Coming for Your Files—and Your Network

Critical Samba Flaw Allows Remote Code Execution

Tennessee Man Connected to 764 Child Crime Accusations Since 2022

Ransomware Hijacks SYSTEM Tasks to Encrypt Local Drives Securely

Attackers Exploit Marimo CVE-2026-39987 with LLM Agent

Our Picks

Tennessee Man Connected to 764 Child Crime Accusations Since 2022

JINX-0164 targets crypto firms with macOS malware

Ransomware Hijacks SYSTEM Tasks to Encrypt Local Drives Securely

Most Popular

Protecting MCP Security: Defeating Prompt Injection & Tool Poisoning

Unlock the Power of Free WormGPT: Harnessing DeepSeek, Gemini, and Kimi-K2 AI Models

The New Face of DDoS is Impacted by AI

Archives

Categories

Subscribe to Updates

What's Hot

JINX-0164 targets crypto firms with macOS malware

Summary Points

Threat, Attack Techniques, and Targets

Impact, Security Implications, and Remediation Guidance

Expand Your Tech Knowledge

Related Posts