A previously undocumented threat actor tracked as JINX-0164 has launched targeted attacks against cryptocurrency firms, using fake recruiter lures paired with custom macOS malware designed to steal digital assets.

The campaign combines two attack vectors. First, threat actors pose as recruiters to initiate contact with employees at cryptocurrency organizations, establishing trust before pivoting to malware delivery. Second, the attackers developed bespoke macOS malware to compromise victim systems once initial access succeeds.

Researchers at Wiz identified the operation and disclosed that JINX-0164 employs sophisticated social engineering alongside the malware component. The attackers specifically target CI/CD infrastructure, the systems cryptocurrency firms use to build, test, and deploy applications. Compromise of these pipelines allows attackers to inject malicious code into legitimate software updates or alter deployment processes to steal cryptocurrency holdings or authentication credentials.

The recruitment angle proves particularly effective against cryptocurrency workers. The industry experiences high employee turnover and frequent job searches, making recruitment-themed outreach appear legitimate. Threat actors likely research LinkedIn profiles or industry directories to identify targets by name and role, then initiate conversations about open positions or career opportunities. Once rapport develops, victims receive documents or files containing the macOS malware.

Custom malware development indicates JINX-0164 possesses above-average technical capability. Rather than relying on publicly available tools, the group built malware tailored to macOS systems, which suggests familiarity with Apple's security model and an aim of avoiding standard endpoint detection signatures.

The targeting of CI/CD infrastructure escalates risk considerably. These systems hold privileged access to source code repositories and production environments. A compromised pipeline creates opportunities for supply chain attacks affecting not just the targeted firm but potentially downstream customers and users.

Cryptocurrency organizations face heightened risk from this campaign. The sector remains attractive to threat actors due to the nature of digital