Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
LinkedIn Social Engineering Targets Cryptocurrency Firms

LinkedIn Social Engineering Targets Cryptocurrency Firms

Posted on May 29, 2026 By CWS

A cyber group known as JINX-0164 has been conducting sophisticated attacks on cryptocurrency companies. This group uses LinkedIn as a platform to trick software developers into downloading malware specifically targeting macOS systems.

LinkedIn as a Tool for Cyber Attacks

Operating since at least mid-2025, JINX-0164 has effectively integrated social engineering, credential theft, and supply chain attacks. These tactics create a seamless threat to the software development process. The attacks begin with the creation of convincing LinkedIn profiles that approach targets with business proposals or job offers.

Once rapport is established, the victims are sent links to fake meeting pages resembling Microsoft Teams. Clicking these links results in the download of a macOS remote access tool that begins extracting sensitive data immediately.

Exploring the Malware Tools: AUDIOFIX and MINIRAT

Security experts at Wiz.io have identified JINX-0164 as a financially motivated actor using two distinct malware families: AUDIOFIX and MINIRAT. These tools primarily target macOS devices. AUDIOFIX is a Python-based backdoor that collects browser credentials, cryptocurrency wallet extensions, and other sensitive data.

This malware communicates with its command-and-control server using AES-256-CBC encryption and can adjust its polling intervals to evade detection. MINIRAT, a lightweight backdoor, registers infected machines with the same control infrastructure but focuses on providing remote access and command execution capabilities.

Implications for the Software Supply Chain

On April 7, 2026, JINX-0164 expanded its operations to the software supply chain by altering version 4.9.1 of the npm package @velora-dex/sdk. This modification allowed the deployment of a shell script that installs MINIRAT when the package is used in any project.

Although only npm credentials were compromised, this incident highlights the risks posed to the software supply chain. Organizations are advised to utilize Endpoint Detection and Response solutions and enable audit logging to detect anomalies.

Recommendations for Mitigation and Monitoring

Security teams should remain vigilant for unverified GitHub commits, unexpected VPN usage, and unusual workflow activities in CI/CD pipelines. Enabling GitHub Vigilant Mode can help detect impersonation attempts.

Monitoring for the use of tools like nord-stream and flagging unfamiliar IP addresses in code package publications can assist in early detection and prevention of such attacks.

By staying informed about the evolving tactics of groups like JINX-0164, organizations can better protect their infrastructure from these sophisticated threats.

Cyber Security News Tags:AUDIOFIX, Cryptocurrency, Cybersecurity, endpoint detection, JINX-0164, LinkedIn, macOS malware, MiniRAT, social engineering, supply chain attack

Post navigation

Previous Post: Major Cybersecurity Incidents: Data Breaches and Attacks
Next Post: MokN Secures $15M to Boost Phish-Back Security Platform

Related Posts

AI Browsers Bypass Content PayWall Mimicking as a Human-User AI Browsers Bypass Content PayWall Mimicking as a Human-User Cyber Security News
New TokenBreak Attack Bypasses AI Model’s with Just a Single Character Change New TokenBreak Attack Bypasses AI Model’s with Just a Single Character Change Cyber Security News
Indian Income Tax-Themed Attacking Businesses with a Multi-Stage Infection Chain Indian Income Tax-Themed Attacking Businesses with a Multi-Stage Infection Chain Cyber Security News
Pyronut Package Exploits Telegram Bots via Hidden Backdoor Pyronut Package Exploits Telegram Bots via Hidden Backdoor Cyber Security News
Microsoft Exchange Online to Deprecate SMTP AUTH Basic Authentication for Tenants Microsoft Exchange Online to Deprecate SMTP AUTH Basic Authentication for Tenants Cyber Security News
Hackers Actively Exploiting Cisco and Citrix 0-Days in the Wild to Deploy Webshell Hackers Actively Exploiting Cisco and Citrix 0-Days in the Wild to Deploy Webshell Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Qilin Ransomware Exploits Active Directory with DCSync
  • Critical Flaws in Claude for Chrome Allow Unauthorized Access
  • Old Microsoft UEFI Shims Pose Secure Boot Risk
  • July 2026 SAP Security Updates Address Critical Flaws
  • US, Allies Alert on Russian Cyber Threats to Key Infrastructure

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Qilin Ransomware Exploits Active Directory with DCSync
  • Critical Flaws in Claude for Chrome Allow Unauthorized Access
  • Old Microsoft UEFI Shims Pose Secure Boot Risk
  • July 2026 SAP Security Updates Address Critical Flaws
  • US, Allies Alert on Russian Cyber Threats to Key Infrastructure

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark