| SYMBOL | COMMON_NAME | aka. SYNONYMS |
JINX-0164 is a financially motivated threat actor active since mid-2025, primarily targeting software developers through recruitment-themed social engineering to steal cryptocurrencies and conduct supply chain attacks. Their operations have focused on macOS devices, utilizing malware such as AUDIOFIX and MINIRAT, with a notable supply chain compromise involving the trojanization of an npm package. The actor employs a shell script for initial system profiling and payload delivery, often spoofing legitimate services like Microsoft Teams and cryptocurrency companies. JINX-0164's infrastructure includes numerous lookalike domains and utilizes VPN exit nodes for accessing victim systems.
There are currently no families associated with this actor.
| 2026-05-27
⋅
Wiz.io
⋅
Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure JINX-0164 |