The JINX-0164 threat centers on macOS cryptocurrency malware that targets financial software developers through sophisticated social engineering. The attackers use fake LinkedIn profiles to build trust with potential victims, then arrange fake meetings that trick them into downloading malicious scripts under the guise of fixing technical errors.
Once activated, these scripts deploy the AUDIOFIX malware, which steals sensitive data including keychain files, browser history, and session keys from communication platforms. The attackers also manipulate internal code repositories to inject malicious payloads; one example is a trojanized npm package that installs a backdoor. To counter these threats, organizations are advised to implement stringent verification processes, use GitHub’s Vigilant Mode, and avoid executing suspicious scripts.
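Vigilant Mode marks unsigned commits attributed to a user as unverified. The same signal can be audited locally from `git log` signature status, as in this added example (not from the original report). The `audit` and `read_log` helpers, the severity labels and the sample log are constructed for illustration.

```python
import subprocess

# git pretty-format: hash, signature status (%G?), author email, subject (tab-separated)
LOG_FORMAT = "%H%x09%G?%x09%ae%x09%s"

# Meaning of each %G? status code reported by git
STATUS = {
    "G": "good signature",
    "B": "bad signature",
    "U": "good signature, unknown validity",
    "X": "good signature, expired",
    "Y": "good signature, made by an expired key",
    "R": "good signature, made by a revoked key",
    "E": "signature cannot be checked (missing key)",
    "N": "no signature",
}

def read_log(repo, rev_range="HEAD"):
    """Return signature-status log lines for rev_range in a local clone."""
    cmd = ["git", "-C", repo, "log", f"--format={LOG_FORMAT}", rev_range]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout

def audit(log_text):
    """List commits lacking a good signature; the most suspicious are 'high'."""
    commits = [l.split("\t", 3) for l in log_text.splitlines() if l.count("\t") >= 3]
    # Authors with at least one validly signed commit in the range
    signers = {email for _, status, email, _ in commits if status == "G"}
    findings = []
    for sha, status, email, subject in commits:
        if status == "G":
            continue
        # Bad or revoked signatures, or an unsigned commit attributed to someone
        # who otherwise signs, are what an injected commit would look like.
        high = status in ("B", "R") or email in signers
        findings.append({"sha": sha, "author": email, "subject": subject,
                         "status": STATUS.get(status, "unknown"),
                         "severity": "high" if high else "review"})
    return findings

# Constructed sample (not real commits), in LOG_FORMAT
SAMPLE = (
    "1111111\tG\tdev-a@example.com\tAdd rate limiter\n"
    "2222222\tN\tdev-a@example.com\tFix build script\n"
    "3333333\tN\tdev-b@example.com\tUpdate README\n"
    "4444444\tB\tdev-c@example.com\tBump dependency\n"
)

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['severity']:6} {f['sha']} {f['author']} {f['status']}: {f['subject']}")
```

Against a real clone, pass `read_log(path, "origin/main..HEAD")` or a similar range to `audit`; signature status is only meaningful when the reviewers' public keys are present in the local keyring.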