Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure

2026-05-27 Wiz

https://www.wiz.io/blog/threat-actors-target-crypto-orgs

Wiz identified JINX-0164, a previously unreported financially motivated actor targeting cryptocurrency organizations and developers through LinkedIn recruitment/business lures, fake conferencing pages, and malicious macOS “fix” scripts. The actor deploys AUDIOFIX, a Python infostealer/backdoor that steals wallet, browser, cloud, GitHub, CI/CD, and local macOS secrets, then uses stolen development credentials to access code distribution systems and inject malware into internal repositories. JINX-0164 also trojanized @velora-dex/sdk version 4.9.1 on npm to deliver the Go-based MINIRAT backdoor, showing supply-chain capability against cryptocurrency software infrastructure. Wiz notes tactical similarities to North Korea-linked groups such as UNC1069/Sleet and Sapphire Sleet, but found distinct implementations and no infrastructure overlap, so it does not attribute the activity to a state sponsor.

Indicators of Compromise

