Infostealer

Supply Chain 2026-05-29
JINX-0164: Fake Recruiters, a macOS RAT, and a Pivot Into Code Distribution Pipelines
Wiz details JINX-0164, a financially motivated actor that uses LinkedIn recruiter lures to drop the AUDIOFIX macOS RAT, then moves from developer laptops into code distribution and CI/CD infrastructure.
supply-chain macos cicd cryptocurrency infostealer social-engineering npm threat-actor

JINX-0164: Fake Recruiters, a macOS RAT, and a Pivot Into Code Distribution Pipelines