Signal

New macOS malware campaigns target cryptocurrency firms and users via fake recruiters and download sites

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-05-27 18:57 UTCUpdated 2026-05-28 11:30 UTC

rss

malwaremacoscryptocurrencysocial_engineeringincident_response

Trend in the last 24h

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (4)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (4 domains)

4 top sources shown

New Threat Actor Jinx-0164 Targets Crypto Developers on macOS

Infosecurity Magazine · News · infosecurity-magazine.com · 2026-05-28 11:30 UTC

Fake ChatGPT download site infects Windows and Mac users with malware

Malwarebytes Threat Analysis · News · malwarebytes.com · 2026-05-28 10:18 UTC

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

thehackernews · News · thehackernews.com · 2026-05-28 07:54 UTC

Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years

Securelist (Kaspersky) · News · securelist.com · 2026-05-28 06:55 UTC

View all evidence

Overview

A newly identified threat actor, JINX-0164, has launched targeted attacks against cryptocurrency organizations using sophisticated social engineering and custom macOS malware delivered through fake recruiter lures.

Score total

1.36

Momentum 24h

4

Posts

4

Origins

4

Source types

1

Duplicate ratio

0%

Why now

JINX-0164's recent campaign shows evolving social engineering tactics against crypto firms.
Fake ChatGPT download sites exploit user trust in popular AI tools to spread malware.
Ongoing infections via pirated streaming sites highlight persistent threats to end users.

Why it matters

Cryptocurrency developers and users face increasing risks from targeted malware campaigns.
Fake software downloads can lead to credential theft and loss of digital assets.
Pirated content sites remain a vector for malware distribution affecting user security.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: high

Recurring claims

JINX-0164 targets cryptocurrency firms using fake recruiter lures and custom macOS malware
Fake ChatGPT download site infects Windows and macOS users with malware stealing credentials and cryptocurrency wallets
Cybercrime gang distributes cryptocurrency miners via fake video player updates on pirated streaming sites

How sources frame it

The Hacker News: neutral

All evidence

All evidence

New Threat Actor Jinx-0164 Targets Crypto Developers on macOS

Infosecurity Magazine · infosecurity-magazine.com · 2026-05-28 11:30 UTC

Fake ChatGPT download site infects Windows and Mac users with malware

Malwarebytes Threat Analysis · malwarebytes.com · 2026-05-28 10:18 UTC

JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware

thehackernews · thehackernews.com · 2026-05-28 07:54 UTC

Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years

Securelist (Kaspersky) · securelist.com · 2026-05-28 06:55 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 4Origin domains: 4Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 4 / 0

Top publishers (this list)

Infosecurity Magazine (1)
Malwarebytes Threat Analysis (1)
thehackernews (1)
Securelist (Kaspersky) (1)

Top origin domains (this list)

infosecurity-magazine.com (1)
malwarebytes.com (1)
thehackernews.com (1)
securelist.com (1)