
JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

Researchers have uncovered a new threat actor, JINX-0164, conducting campaigns against cryptocurrency organizations by employing recruitment-themed social engineering schemes combined with custom macOS malware. The attacks focus on penetrating CI/CD infrastructure to facilitate digital asset theft.

What happened

Security researchers identified a previously undocumented threat actor, dubbed JINX-0164, launching targeted attacks against cryptocurrency companies. The actor uses sophisticated social engineering, presenting fake recruitment offers to trick victims. Alongside these lures, the attacker deploys bespoke malware designed specifically for macOS systems to infiltrate its targets. The campaigns focus heavily on CI/CD (Continuous Integration/Continuous Deployment) infrastructure, a critical component of software development pipelines in these organizations.

Why it matters

This campaign highlights the rising complexity and specialization of cyber threats against cryptocurrency firms, whose valuable digital assets are at risk. The use of recruitment-themed social engineering reflects an evolution in how adversaries gain initial access by exploiting human trust. Additionally, the tailored macOS malware signals increasing attention to platforms that may be seen as less targeted than Windows. The focus on CI/CD infrastructure underscores the potential for attackers to compromise the software supply chain, which could amplify damage beyond individual endpoints.

What security teams should do

Security teams in cryptocurrency firms and related industries should raise awareness about recruitment-themed phishing and social engineering attempts among employees. Monitoring for suspicious communication and access patterns within CI/CD pipelines can help detect intrusion attempts early. Given the use of custom macOS malware, defenders should ensure that endpoint security solutions are capable of identifying and mitigating threats on macOS platforms. Reviewing and strengthening identity and access management controls around CI/CD infrastructure is advisable to limit attack surface exposure.

Key technical details

The campaign involves custom-developed malware specifically targeting macOS devices, though detailed technical indicators were not disclosed. Social engineering techniques center around fake recruiter identities seeking to engage cryptocurrency firm employees, likely to establish trust for subsequent payload delivery. The strategic targeting of CI/CD infrastructure suggests attackers aim to leverage compromised development processes to escalate privileges or implant secondary malicious components, potentially affecting software integrity and asset security.

Affected organizations/products

Cryptocurrency organizations and their software development environments that use macOS endpoints and CI/CD infrastructure are the primary targets of this campaign, which was documented by Wiz researchers.

Source attribution

https://thehackernews.com/2026/05/jinx-0164-targets-cryptocurrency-firms.html

Written by Thirumala Rao Padilam