A financially motivated threat cluster tracked as JINX-0164 has been running a multi-vector campaign against cryptocurrency organisations since at least mid-2025. The operation combines LinkedIn social engineering, fake collaboration-tool pages, and direct supply chain compromise to deliver two custom malware families to developer machines and cloud environments.
The social engineering arm works like this: attackers either create convincing recruiter profiles from scratch or hijack legitimate LinkedIn accounts, then approach targets, typically developers, with job opportunities. Victims are invited to virtual interviews hosted on lookalike domains impersonating Microsoft Teams, Slack, and similar platforms. During those fake meetings, macOS malware is pushed to the target's machine under the guise of a technical exercise or onboarding step.
The supply chain strand is more surgical. On 7 April 2026, JINX-0164 compromised the npm package @velora-dex/sdk version 4.9.1, injecting code that silently downloaded a backdoor to any developer machine that pulled the dependency. Once inside a developer environment, the group used stolen credentials to push malicious commits directly to internal code repositories, impersonating legitimate contributors in the process.
Most organisations concentrate endpoint and network controls on production systems. Developer workstations and CI/CD pipelines receive far less scrutiny, yet a single compromised developer account can translate into malicious code reaching production within hours. That is exactly what JINX-0164 is exploiting.
The tactics bear a strong resemblance to North Korean state-affiliated groups, specifically Sapphire Sleet, though Wiz has not confirmed a direct overlap. Whether or not there is a state nexus, the operational discipline on display (VPN rotation across ExpressVPN, Mullvad, and Astrill, plausible cover infrastructure, and dual delivery paths) points to a well-resourced and patient adversary.
Cryptocurrency firms are the primary targets today, but the playbook transfers directly to any sector where developers have privileged access to financial systems or sensitive data pipelines. Banks building internal blockchain tooling, fintech teams, and government digital-services units all fit that profile.
JINX-0164 deploys two distinct tools. The first, AUDIOFIX, is a Python-based infostealer and remote-access trojan. It targets 51 cryptocurrency wallet browser extensions and also harvests credentials from browsers, SSH keys, and cloud service tokens. The breadth of that collection means a single successful infection can expose an organisation's source code repositories, cloud tenants, and personal crypto holdings simultaneously.
The second, MINIRAT, is a lightweight backdoor written in Go. Its feature set is deliberately minimal (file upload and download, plus command execution), which keeps the binary small and reduces its detection surface. It was the payload injected into the compromised npm package.
Delivery infrastructure includes the domains apple.driver-store[.]com and apple.driver-update[.]io, designed to appear as routine Apple update traffic. Command-and-control is handled across datahub[.]ink, cloud-sync[.]online, and byte-io[.]us. The AlienVault OTX pulse corroborates additional infrastructure including bitget-meeting[.]com, a domain mimicking a Teams troubleshooting page, and associates IPs 185.100.85.250 and 185.100.85.98 with the same cluster.
Post-compromise activity follows a consistent pattern: AUDIOFIX credential theft feeds into repository access, which enables malicious commits under a legitimate developer's identity. The injected code then propagates downstream to anyone consuming the affected package, widening the attack surface well beyond the initial victim.
Cryptocurrency exchanges, DeFi protocols, and blockchain infrastructure providers are the stated targets. But the risk is not confined to pure-play crypto firms. Any organisation whose developers consume open-source npm packages, which is nearly every software team, could inadvertently pull a trojaned dependency. Regional banks experimenting with digital assets, government fintech initiatives, and enterprise teams running internal developer portals are all exposed to the supply chain vector.
Individuals receiving unsolicited recruiter outreach on LinkedIn, particularly those working on financial technology or cloud infrastructure, are the entry point for the social engineering strand. Junior developers, who may be more responsive to job approaches, are a specific concern.
Block known malicious infrastructure. Add the confirmed C2 and delivery domains, datahub[.]ink, cloud-sync[.]online, byte-io[.]us, apple.driver-store[.]com, apple.driver-update[.]io, bitget-meeting[.]com, and the associated IPs 185.100.85.250 and 185.100.85.98 to your DNS blocklists and firewall deny rules immediately. These are confirmed indicators of compromise with no legitimate business use.
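One way to turn the indicator list above into a detection, as an added example that is not part of the original report: the domains and IPs are the ones listed here, refanged before matching; the log line format and the sample lines are constructed for the demonstration.

```python
# Added example (not from the original report): match DNS-query and proxy
# log lines against the indicators listed above. The indicators are the
# article's; the log line format and the sample lines are constructed.
import ipaddress
import re

DEFANGED = ["datahub[.]ink", "cloud-sync[.]online", "byte-io[.]us",
            "apple.driver-store[.]com", "apple.driver-update[.]io",
            "bitget-meeting[.]com"]
IOC_DOMAINS = {d.replace("[.]", ".").lower() for d in DEFANGED}  # refang
IOC_IPS = {ipaddress.ip_address(a) for a in ("185.100.85.250", "185.100.85.98")}

# Constructed line format: "<timestamp> <client-ip> query|connect <value>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<kind>query|connect) (?P<value>\S+)$")

def domain_matches(qname):
    """True if qname is a listed domain or a subdomain of one."""
    q = qname.lower().rstrip(".")  # DNS logs often carry a trailing dot
    return any(q == d or q.endswith("." + d) for d in IOC_DOMAINS)

def ip_matches(value):
    """True if value (a bare IP, or IPv4:port) is a listed address."""
    host = value.rsplit(":", 1)[0] if value.count(":") == 1 else value
    try:
        return ipaddress.ip_address(host) in IOC_IPS
    except ValueError:  # hostnames and malformed values never match
        return False

def find_hits(lines):
    """Return (client, value) for every line that touches an indicator."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and (domain_matches(m["value"]) or ip_matches(m["value"])):
            hits.append((m["client"], m["value"]))
    return hits

SAMPLE_LOG = [  # constructed; 203.0.113.5 is a documentation-range address
    "2026-04-08T09:12:01Z 10.0.5.23 query registry.npmjs.org",
    "2026-04-08T09:12:07Z 10.0.5.23 query apple.driver-update.io.",
    "2026-04-08T09:12:09Z 10.0.5.23 connect 185.100.85.250:443",
    "2026-04-08T09:13:44Z 10.0.5.41 query cdn.datahub.ink",
    "2026-04-08T09:14:02Z 10.0.5.41 connect 203.0.113.5:443",
]

if __name__ == "__main__":
    for client, value in find_hits(SAMPLE_LOG):
        print(f"ALERT {client} -> {value}")
```

Subdomains of a listed domain are flagged as well, since C2 hosts commonly sit under the apex the report names.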
Audit npm dependencies for the affected package. Search your software bill of materials and pipeline logs for any reference to @velora-dex/sdk version 4.9.1. If found, treat any machine that built or ran code pulling that dependency as potentially compromised. Rotate all credentials and tokens accessible from those environments without waiting for forensic confirmation.
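A scanner for that audit, as an added example that is not part of the original report: it checks both npm lockfile formats (v1 nested, v2/v3 flat) and a CycloneDX JSON SBOM for the exact package and version named above; the sample lockfile and SBOM are constructed.

```python
# Added example (not from the original report): scan an npm package-lock.json
# and a CycloneDX JSON SBOM for the package/version named in the article.
# The sample lockfile and SBOM below are constructed for this demonstration.
import json

AFFECTED = {("@velora-dex/sdk", "4.9.1")}  # name and version from the article

def _walk_v1(deps, found, path=""):
    # lockfileVersion 1: nested "dependencies" objects keyed by package name
    for name, meta in (deps or {}).items():
        loc = f"{path}node_modules/{name}"
        if (name, meta.get("version")) in AFFECTED:
            found.append(loc)
        _walk_v1(meta.get("dependencies"), found, loc + "/")

def scan_lockfile(text):
    """Return install paths (transitive ones included) of affected packages."""
    lock, found = json.loads(text), []
    if "packages" in lock:  # v2/v3: flat map keyed by install path; "" is the root
        for loc, meta in lock["packages"].items():
            name = meta.get("name") or loc.rsplit("node_modules/", 1)[-1]
            if loc and (name, meta.get("version")) in AFFECTED:
                found.append(loc)
    else:
        _walk_v1(lock.get("dependencies"), found)
    return found

def scan_cyclonedx(text):
    """Return purls of affected components in a CycloneDX JSON SBOM."""
    hits = []
    for c in json.loads(text).get("components", []):
        # scoped npm packages carry the scope in "group" and the bare name in "name"
        name = f"{c['group']}/{c['name']}" if c.get("group") else c.get("name")
        if (name, c.get("version")) in AFFECTED:
            hits.append(c.get("purl", name))
    return hits

SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {  # constructed
    "": {"name": "trading-bot", "version": "1.0.0"},
    "node_modules/some-wrapper": {"version": "2.0.0"},
    "node_modules/some-wrapper/node_modules/@velora-dex/sdk": {"version": "4.9.1"},
}})
SAMPLE_BOM = json.dumps({"bomFormat": "CycloneDX", "components": [  # constructed
    {"group": "@velora-dex", "name": "sdk", "version": "4.9.0", "purl": "pkg:npm/%40velora-dex/sdk@4.9.0"},
    {"group": "@velora-dex", "name": "sdk", "version": "4.9.1", "purl": "pkg:npm/%40velora-dex/sdk@4.9.1"},
]})

if __name__ == "__main__":
    print("lockfile:", scan_lockfile(SAMPLE_LOCK))
    print("sbom:", scan_cyclonedx(SAMPLE_BOM))
```

A transitive pull (as in the sample, where a wrapper package drags the bad version in) is reported with its full install path, which a grep of package.json alone would miss.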
Enforce code-signing and branch protection on internal repositories. Require signed commits on main and release branches. No direct push to protected branches without a peer review step. Alerts on after-hours commits or commits from unfamiliar device fingerprints should go to a security queue, not just the engineering team.
Run targeted awareness with your developer population. Forward the specific LinkedIn recruiter scenario to engineering leads today — not a generic phishing reminder, but the exact cover story: crypto job offers leading to virtual technical interviews with a software installation step. Developers who have received similar approaches in recent months should be asked to report them and submit their machines for review.
Restrict CI/CD pipeline egress. Developer build environments should not be making outbound connections to arbitrary hosts. Allowlist the specific registries, repositories, and cloud endpoints your pipelines genuinely need, and alert on any other outbound traffic. This alone would have limited MINIRAT's ability to phone home after the npm package infection.
The fake interview lure delivering AUDIOFIX is confirmed to target macOS. The npm supply chain vector for MINIRAT is language- and OS-agnostic: any developer on any platform pulling the affected package version could be infected. Organisations running mixed Windows and macOS developer fleets should treat both as in scope.
There is no single reliable tell. JINX-0164 uses both synthetic profiles and compromised legitimate accounts, which makes visual checks insufficient. The key behavioural signal is any recruiter asking you to join a meeting via a link that does not resolve to a verified corporate domain or that requires software installation before connecting.
No. Blocking known domains reduces exposure but the group will rotate infrastructure. The listed indicators are a starting point, not a complete defence. Pair domain blocking with egress filtering on developer environments, dependency integrity checks, and behavioural monitoring on developer endpoints for a more durable response.
Not formally. Wiz notes tactical similarities to Sapphire Sleet, a North Korean-affiliated cluster, but states explicitly that no confirmed overlap exists. Treat JINX-0164 as a distinct, unattributed financially motivated group until further evidence emerges. Attribution should not affect your remediation priority either way.