Wiz has published details on JINX-0164, a previously undocumented, financially motivated threat actor targeting cryptocurrency organizations. The campaign is notable less for its initial lure — a tired fake-recruiter routine — than for where it ends up: the researchers watched the actor move laterally off a single compromised macOS laptop and into internal code distribution systems and CI/CD infrastructure, modifying source code to spread further. If your developers run macOS and your build pipeline trusts their commits, this one is worth ten minutes of your attention.

What Happened

JINX-0164 has been active since at least mid-2025. The entry point is social engineering: credible LinkedIn profiles approach a target — a crypto-org employee or a software developer — and offer a job opportunity or a virtual meeting. The invite steers the victim to a rogue domain impersonating a teleconferencing provider. The “meeting” throws a fake technical error and instructs the user to download a fix. That fix is malware.

Wiz assesses the actor is motivated by digital-asset theft. In at least one case the group went beyond stealing from the victim directly and turned a compromised developer into a launch point for a supply chain attack against downstream users.

Technical Details

Running the downloaded program triggers a bash script hosted on a fake driver-store domain (apple.driver-store[.]com). The script pulls an architecture-aware payload — compatible with both Intel and Apple Silicon — and installs a Python-based macOS infostealer/RAT that Wiz calls AUDIOFIX. The payload masquerades as the system audio daemon coreaudiod, is written to disk as ChromeUpdater, and is launched and persisted via launchctl.

AUDIOFIX is a full-spectrum credential vacuum. Observed theft includes credentials from password managers, web browsers, and iCloud Keychain files; local admin credentials; SSH keys; configuration files; console history; cryptocurrency browser-extension data and wallet addresses; and active Discord, Slack, and Telegram sessions. Beyond collection, the RAT supports manual reconnaissance, arbitrary shell execution, file deletion, exfiltration, and second-stage payload retrieval.

The dangerous part is the next hop. Using stolen credentials and SSH keys, the actor pivots from the laptop into internal code distribution systems and development infrastructure, injects the AUDIOFIX payload into source code, and uses that foothold to compromise additional endpoints and harvest wallet credentials at scale.

The Supply Chain Angle

JINX-0164’s second tool is MiniRAT, a Go-based macOS backdoor. It reached victims through a real registry compromise: in April 2026, version 9.4.1 of the npm package @velora-dex/sdk — a legitimate DeFi toolkit for the VeloraDEX exchange — was published directly to npm with three injected lines in dist/index.js. The code fired on the first require()/import, fetched a shell script from C2 at 89.36.224[.]5, dropped an architecture-specific binary, and registered it with launchctl. The GitHub repo was never touched; only the published artifact was poisoned. MiniRAT supports command execution, file upload/download, directory exfiltration, and C2 registration. (Documented at the time by SafeDep and StepSecurity.)

Some tradecraft — Astrill VPN, recruiter lures, crypto-and-developer targeting — echoes North Korean clusters such as BlueNoroff, Contagious Interview, and UNC1069. Wiz found no infrastructure overlap, so attribution to Pyongyang is not established.

Who’s Affected

Crypto and DeFi organizations are the bullseye, but the technique generalizes to any shop where developers run macOS and hold keys to build and release systems. Anyone who installed @velora-dex/sdk@9.4.1 should treat the host as compromised.

What to Do Right Now

Pin @velora-dex/sdk to 9.4.0 or earlier and rotate every credential reachable from any machine that pulled 9.4.1. Hunt on macOS fleets for a coreaudiod binary living outside /System, a file named ChromeUpdater, and suspicious launchctl LaunchAgents/Daemons. Block and alert on apple.driver-store[.]com and 89.36.224[.]5. Treat unsolicited recruiter outreach that ends in “download this to fix your camera” as hostile, and remind staff that legitimate interviews never require running a binary. Most importantly, stop trusting developer laptops implicitly: require signed commits, enforce branch protection and review on anything feeding your release pipeline, and scope CI/CD credentials so a single stolen SSH key can’t rewrite shipping code.
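The host hunt described above, as an added example that is not from Wiz or this post: a POSIX shell function that checks one filesystem tree for the four host indicators named here (coreaudiod outside /System, a ChromeUpdater file, launch items referencing either name, and an installed @velora-dex/sdk 9.4.1). The finding tags, the scan-root parameter and the search paths are assumptions; the indicators themselves come from the write-up.

```shell
#!/bin/sh
# Host hunt for the JINX-0164 indicators described above: a coreaudiod binary
# outside /System, a file named ChromeUpdater, launch items referencing either
# name, and an installed @velora-dex/sdk at the poisoned version 9.4.1.
# The scan root (default /) is a parameter so the same function can be pointed
# at a mounted image or a constructed test tree. One finding per line, tagged.

hunt_jinx0164() {
  root="${1:-/}"
  root="${root%/}"          # drop trailing slash so "$root/System" composes; "" means /

  # 1. The genuine audio daemon lives under /System; any other copy is suspect.
  find "${root:-/}" -xdev -type f -name coreaudiod 2>/dev/null | while read -r p; do
    case "$p" in
      "$root/System/"*) ;;  # expected location, ignore
      *) echo "coreaudiod-outside-system $p" ;;
    esac
  done

  # 2. AUDIOFIX is written to disk under the name ChromeUpdater.
  find "${root:-/}" -xdev -name ChromeUpdater 2>/dev/null |
    sed 's/^/chromeupdater-file /'

  # 3. LaunchAgents/LaunchDaemons plists that reference either payload name
  #    (the persistence mechanism is launchctl).
  for d in "$root/Library/LaunchAgents" "$root/Library/LaunchDaemons" \
           "$root"/Users/*/Library/LaunchAgents; do
    [ -d "$d" ] || continue
    find "$d" -name '*.plist' -exec grep -l -e ChromeUpdater -e coreaudiod {} + 2>/dev/null |
      sed 's/^/launch-item-references-payload /'
  done

  # 4. Installed copies of the poisoned npm release; 9.4.0 and earlier are clean.
  find "${root:-/}" -xdev -path '*/node_modules/@velora-dex/sdk/package.json' 2>/dev/null |
    while read -r pkg; do
      if grep -q '"version": *"9.4.1"' "$pkg"; then
        echo "velora-dex-sdk-9.4.1 $pkg"
      fi
    done
}

# Run against the live system (sudo for other users' home directories);
# any output is a lead to investigate, not a verdict.
# hunt_jinx0164 /
```

Any hit on the first three checks should be followed by credential rotation for everything reachable from that laptop, since AUDIOFIX's collection list is the point of the implant.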

The Bigger Picture

JINX-0164 is another data point in a trend this site keeps returning to: the developer workstation is now production infrastructure. The crypto theft is the motive, but the method — laptop to keychain to SSH key to source tree to everyone downstream — is the same supply chain kill chain we have seen from Megalodon, Contagious Interview, and the npm worms. Defenders who still draw the trust boundary at the firewall are defending the wrong perimeter.

Sources: Wiz research via The Hacker News, StepSecurity: @velora-dex/sdk compromise, SafeDep: Malicious @velora-dex/sdk delivers Go RAT