Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
JINX-0164 Hits Crypto Firms with Sophisticated MacOS Malware

JINX-0164 Hits Crypto Firms with Sophisticated MacOS Malware

Posted on May 28, 2026 By CWS

A previously unknown cyber threat group, identified as JINX-0164, has embarked on a malicious campaign targeting cryptocurrency companies. The group uses recruitment-themed social engineering tactics paired with custom macOS malware to facilitate the theft of digital assets.

Social Engineering and Malware Deployment

Researchers from Wiz, including Shira Ayal and Eden Abergil, have highlighted how JINX-0164 employs advanced social engineering strategies. By targeting employees through fake recruiter lures, the group gains access to internal systems. This includes moving from compromised laptops to critical code distribution networks and development infrastructures.

Operating under the observation of Google-owned cloud security teams, the group has been active since mid-2025. Their primary motivation appears to be financial, with a strong focus on exploiting developers to siphon cryptocurrency. A notable instance involved a supply chain attack, indicating the group’s sophisticated approach.

Technical Details of the Attack

JINX-0164 typically initiates contact through credible LinkedIn profiles, inviting victims to a virtual meeting. This meeting directs targets to a fraudulent domain posing as a teleconference service, where they are tricked into downloading malware.

The initial download retrieves a Python-based macOS infostealer and a remote access trojan named AUDIOFIX, executed via a bash script from a fake domain resembling a driver store. This payload, disguised as a system audio driver, is compatible with both Intel and Apple Silicon systems.

Data Breaches and Broader Implications

The malware enables the theft of sensitive data, including credentials from password managers and cryptocurrency wallet details. Additionally, AUDIOFIX supports various malicious commands, allowing for data exfiltration and further system compromises.

JINX-0164 also utilizes MiniRAT, a Go-based backdoor, distributed through a compromised npm package. This tool can upload files, execute shell commands, and fetch additional malicious payloads.

While some tactics resemble those of North Korean cyber groups, Wiz researchers have found no direct infrastructure links to confirm such connections.

Conclusion and Future Outlook

The activities of JINX-0164 underscore the evolving threat landscape for cryptocurrency firms. With sophisticated techniques and a clear financial motive, organizations are urged to enhance their cybersecurity measures. Continuous monitoring and awareness are crucial to mitigating such advanced threats in the future.

The Hacker News Tags:AUDIOFIX, cloud security, Cryptocurrency, Cybersecurity, digital asset theft, JINX-0164, macOS malware, MiniRAT, North Korean hackers, Phishing, social engineering, supply chain attack, threat actor, Wiz researchers

Post navigation

Previous Post: Urgent Patch Recommended for Veeam Backup Vulnerability
Next Post: Microsoft Criticizes Premature Zero-Day Disclosures

Related Posts

Cisco SD-WAN Zero-Day Vulnerability Exploited for Root Access Cisco SD-WAN Zero-Day Vulnerability Exploited for Root Access The Hacker News
AI Skill Exploits and Record DDoS Attack Highlight Cyber Vulnerabilities AI Skill Exploits and Record DDoS Attack Highlight Cyber Vulnerabilities The Hacker News
Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers The Hacker News
Arch Linux AUR Packages Hijacked for Malware Deployment Arch Linux AUR Packages Hijacked for Malware Deployment The Hacker News
New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale New Advanced Phishing Kits Use AI and MFA Bypass Tactics to Steal Credentials at Scale The Hacker News
Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN Preinstalled Apps on Ulefone, Krüger&Matz Phones Let Any App Reset Device, Steal PIN The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • KittySploit: AI-Driven PenTesting with Over 1150 Modules
  • Cybersecurity Update: Linux Flaws, Ubiquiti Issues, Accenture Breach
  • Apple Accuses OpenAI of Trade Secret Misappropriation
  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • KittySploit: AI-Driven PenTesting with Over 1150 Modules
  • Cybersecurity Update: Linux Flaws, Ubiquiti Issues, Accenture Breach
  • Apple Accuses OpenAI of Trade Secret Misappropriation
  • Espionage Campaigns Target Pakistani Police Portals
  • Compromised jscrambler npm Package Drops Infostealer

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark