Threat Actor Targets Crypto Organizations
Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure
Wiz CIRT and Wiz Research detail JINX-0164, a threat actor using LinkedIn social engineering, custom macOS malware, and CI/CD hijacking to target cryptocurrency organizations.
The Wiz Customer Incident Response Team (CIRT) has investigated multiple intrusions targeting cryptocurrency organizations. These campaigns leveraged sophisticated social engineering techniques, custom macOS malware, and deep targeting of CI/CD infrastructure. These methods enabled the threat actor to move laterally from compromised employee laptops to code distribution systems and development infrastructure.
The Wiz Research team has identified the actor behind these attacks as JINX-0164, a previously unreported actor that Wiz is now tracking. This actor has been active since at least mid-2025 and appears to be motivated by financial gain. Their operations targeted developers through recruitment-themed and other social engineering techniques aiming to steal cryptocurrencies, and, in at least one case, conduct a supply chain …
IoC