Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
LinkedIn Social Engineering Targets Cryptocurrency Firms

LinkedIn Social Engineering Targets Cryptocurrency Firms

Posted on May 29, 2026 By CWS

A cyber group known as JINX-0164 has been conducting sophisticated attacks on cryptocurrency companies. This group uses LinkedIn as a platform to trick software developers into downloading malware specifically targeting macOS systems.

LinkedIn as a Tool for Cyber Attacks

Operating since at least mid-2025, JINX-0164 has effectively integrated social engineering, credential theft, and supply chain attacks. These tactics create a seamless threat to the software development process. The attacks begin with the creation of convincing LinkedIn profiles that approach targets with business proposals or job offers.

Once rapport is established, the victims are sent links to fake meeting pages resembling Microsoft Teams. Clicking these links results in the download of a macOS remote access tool that begins extracting sensitive data immediately.

Exploring the Malware Tools: AUDIOFIX and MINIRAT

Security experts at Wiz.io have identified JINX-0164 as a financially motivated actor using two distinct malware families: AUDIOFIX and MINIRAT. These tools primarily target macOS devices. AUDIOFIX is a Python-based backdoor that collects browser credentials, cryptocurrency wallet extensions, and other sensitive data.

This malware communicates with its command-and-control server using AES-256-CBC encryption and can adjust its polling intervals to evade detection. MINIRAT, a lightweight backdoor, registers infected machines with the same control infrastructure but focuses on providing remote access and command execution capabilities.

Implications for the Software Supply Chain

On April 7, 2026, JINX-0164 expanded its operations to the software supply chain by altering version 4.9.1 of the npm package @velora-dex/sdk. This modification allowed the deployment of a shell script that installs MINIRAT when the package is used in any project.

Although only npm credentials were compromised, this incident highlights the risks posed to the software supply chain. Organizations are advised to utilize Endpoint Detection and Response solutions and enable audit logging to detect anomalies.

Recommendations for Mitigation and Monitoring

Security teams should remain vigilant for unverified GitHub commits, unexpected VPN usage, and unusual workflow activities in CI/CD pipelines. Enabling GitHub Vigilant Mode can help detect impersonation attempts.

Monitoring for the use of tools like nord-stream and flagging unfamiliar IP addresses in code package publications can assist in early detection and prevention of such attacks.

By staying informed about the evolving tactics of groups like JINX-0164, organizations can better protect their infrastructure from these sophisticated threats.

Cyber Security News Tags:AUDIOFIX, Cryptocurrency, Cybersecurity, endpoint detection, JINX-0164, LinkedIn, macOS malware, MiniRAT, social engineering, supply chain attack

Post navigation

Previous Post: Major Cybersecurity Incidents: Data Breaches and Attacks
Next Post: MokN Secures $15M to Boost Phish-Back Security Platform

Related Posts

Operation Dragon Whistle: Cyber Threat Unveiled Operation Dragon Whistle: Cyber Threat Unveiled Cyber Security News
How Businesses Stop Complex Social Engineering Attacks Early How Businesses Stop Complex Social Engineering Attacks Early Cyber Security News
Metasploit Pro 5.0.0 Launches with Enhanced Security Features Metasploit Pro 5.0.0 Launches with Enhanced Security Features Cyber Security News
Hackers Utilize Free Firebase for Phishing Schemes Hackers Utilize Free Firebase for Phishing Schemes Cyber Security News
AppViewX Unveils Global Partner Program for Identity Security AppViewX Unveils Global Partner Program for Identity Security Cyber Security News
MediaTek July 2025 Security Update Patches Vulnerabilities Affecting a Wide Range of Their Chipsets MediaTek July 2025 Security Update Patches Vulnerabilities Affecting a Wide Range of Their Chipsets Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • CISA Alerts on Cisco IOS Vulnerability Exploitation
  • Critical Fixes for VMware Avi Load Balancer Vulnerabilities
  • RabbitMQ Vulnerabilities Expose OAuth Secrets, Threaten Security
  • Qilin Ransomware Exploits Active Directory with DCSync
  • Critical Flaws in Claude for Chrome Allow Unauthorized Access

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • CISA Alerts on Cisco IOS Vulnerability Exploitation
  • Critical Fixes for VMware Avi Load Balancer Vulnerabilities
  • RabbitMQ Vulnerabilities Expose OAuth Secrets, Threaten Security
  • Qilin Ransomware Exploits Active Directory with DCSync
  • Critical Flaws in Claude for Chrome Allow Unauthorized Access

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark