Commit to Compromise: A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure

2026-05-27 Wiz

https://www.wiz.io/blog/threat-actors-target-crypto-orgs


Wiz identified JINX-0164, a previously unreported financially motivated actor targeting cryptocurrency organizations and developers through LinkedIn recruitment/business lures, fake conferencing pages, and malicious macOS “fix” scripts. The actor deploys AUDIOFIX, a Python infostealer/backdoor that steals wallet, browser, cloud, GitHub, CI/CD, and local macOS secrets, then uses stolen development credentials to access code distribution systems and inject malware into internal repositories. JINX-0164 also trojanized @velora-dex/sdk version 4.9.1 on npm to deliver the Go-based MINIRAT backdoor, showing supply-chain capability against cryptocurrency software infrastructure. Wiz notes tactical similarities to North Korea-linked groups such as UNC1069/Sleet and Sapphire Sleet, but found distinct implementations and no infrastructure overlap, so it does not attribute the activity to a state sponsor.

Indicators of Compromise

