www.wiz.io
New Threat Actor JINX-0164 Targets Cryptocurrency Organizations
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A new threat actor, JINX-0164, has been identified targeting cryptocurrency firms using custom macOS malware and social engineering tactics. Active since mid-2025, the group employs fake recruiter approaches to gain initial access. Victims are invited to virtual meetings on lookalike domains, where malware is installed under the guise of a technical fix. The malware, named Audiofix, is capable of stealing sensitive information such as credentials and cryptocurrency wallet details. JINX-0164 has also hijacked internal development pipelines, injecting malicious code into repositories, leading to further infections. The group has been linked to multiple incidents, including the trojanization of npm packages. Security experts recommend monitoring for specific indicators of compromise and enhancing logging practices. The threat remains active as of May 2026.
Key Points: • JINX-0164 targets cryptocurrency organizations using sophisticated social engineering. • The group employs custom macOS malware named Audiofix to steal sensitive credentials. • Infections spread through compromised development pipelines and trojanized npm packages.