EarlyNarratives
Pricing
Start free trialSign in
Start free trialSign in
Storyline

New macOS malware campaigns target cryptocurrency firms and users via fake recruiters and download sites

A newly identified threat actor, JINX-0164, has launched targeted attacks against cryptocurrency organizations using sophisticated social engineering and custom macOS malware delivered through fake recruiter lures.

Published 2026-05-26 21:35 UTCUpdated 2026-05-28 11:30 UTC
Current brief openSource links open
This current storyline is open here with summary, metadata, source links, continuity context, and full evidence. Paid is for compare-over-time, alerts, exports, and workflow.
BackEvidence (4)Get the free brief by emailStart free trial
No card needed for the free brief.
Evidence trail (top sources)
top sources (4 domains)domains are deduped. counts indicate coverage, not truth.
4 top sources shown
Fake ChatGPT download site infects Windows and Mac users with malware
Malwarebytes Threat Analysis · News · malwarebytes.com · 2026-05-28 10:18 UTC
View all evidence
Overview

A newly identified threat actor, JINX-0164, has launched targeted attacks against cryptocurrency organizations using sophisticated social engineering and custom macOS malware delivered through fake recruiter lures.

Score total
1.36
Momentum 24h
4
Posts
4
Origins
4
Source types
1
Duplicate ratio
0%
Why now
  • JINX-0164's recent campaign shows evolving social engineering tactics against crypto firms.
  • Fake ChatGPT download sites exploit user trust in popular AI tools to spread malware.
  • Ongoing infections via pirated streaming sites highlight persistent threats to end users.
Why it matters
  • Cryptocurrency developers and users face increasing risks from targeted malware campaigns.
  • Fake software downloads can lead to credential theft and loss of digital assets.
  • Pirated content sites remain a vector for malware distribution affecting user security.
Continuity snapshot
  • Trend status: insufficient_history.
  • Continuity stage: broad_confirmed.
  • Current status: open.
  • 4 current source-linked posts are attached to this storyline.
All evidence
All evidence
New Threat Actor Jinx-0164 Targets Crypto Developers on macOS
Infosecurity Magazine · infosecurity-magazine.com · 2026-05-28 11:30 UTC
Fake ChatGPT download site infects Windows and Mac users with malware
Malwarebytes Threat Analysis · malwarebytes.com · 2026-05-28 10:18 UTC
JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware
thehackernews · thehackernews.com · 2026-05-28 07:54 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 4Origin domains: 4Duplicates: -
Showing 4 / 0
Top publishers (this list)
  • Infosecurity Magazine (1)
  • Malwarebytes Threat Analysis (1)
  • thehackernews (1)
  • Securelist (Kaspersky) (1)
Top origin domains (this list)
  • infosecurity-magazine.com (1)
  • malwarebytes.com (1)
  • thehackernews.com (1)
  • securelist.com (1)