A previously undocumented threat actor is conducting highly targeted attacks against cryptocurrency organizations, using fake recruitment opportunities, custom macOS malware, and software supply chain compromises to gain access to development environments and cloud infrastructure.

Researchers at Wiz Research have identified the group as JINX-0164, a financially motivated actor that has been active since at least mid-2025. Unlike many crypto-focused threat groups that target wallets and exchanges directly, JINX-0164 is going after the software development infrastructure that powers crypto companies.

The Attack Starts on LinkedIn

According to Wiz's investigation, the threat actor's ope...