Trusted Design

A New Threat Actor Targeting the Cryptocurrency Industry's Software Development Infrastructure

概要

JINX-0164, a financially motivated threat actor active since mid-2025, has been conducting sophisticated campaigns against cryptocurrency organizations. The actor employs LinkedIn-based social engineering, posing as recruiters or business partners to deliver custom macOS malware including AUDIOFIX (a Python-based infostealer and RAT) and MINIRAT (a lightweight Go backdoor). Their operations focus on compromising developer endpoints to steal cryptocurrency wallet credentials, cloud secrets, and GitHub tokens. The attackers then pivot to CI/CD infrastructure, injecting malicious code into repositories to enable lateral movement. In April 2026, they executed a supply chain attack by trojanizing the npm package @velora-dex/sdk. The group masks activity using VPN services and demonstrates advanced capabilities including credential harvesting from password managers, browser extensions, and development tools.

Created: 2026-05-28

Indicators

• hostname - www.teams.cam -
• FileHash-SHA256 - a35d2b67fa478a7174e308b43ce30bf69b3bc6f44fa76197fdf95fc2fbc1cf5b -
• FileHash-SHA256 - 0b1a36a31b952341a534fe24890f1ed2921ee259773cff46e4f6273b8c4d5d21 -
• hostname - apple.drvstore.com -
• hostname - login.teamicrosoft.com -
• hostname - learn.teams.us.org -
• hostname - teams.live.org.mx -
• hostname - www.slktest.live -
• URL - https://www.iru.com/blog/minirat -
• domain - us03-slack.online -
• hostname - learn.teamicrosoft.com -
• FileHash-MD5 - 3318c614fa7d74b71c81f0e5532cc27e -
• FileHash-SHA256 - c6ef82d2864dfd26f117a1ef5602679153423f2742970a7949cec72722f0a01e -
• FileHash-SHA256 - 9c2ce925133a3bf5a924063bbef8df49918d5b7258695c1894cd18c75970157a -
• FileHash-MD5 - 5fa825564b4ede126005a88ba9efbb54 -
• URL - https://apple.driver-store.com/mac/arm/driver/coreaudiod -
• hostname - login.live.ong -
• domain - byte-io.us -
• hostname - teams.live.ong -
• IPv4 - 185.100.85.250 -
• URL - https://learn.bitget-meeting.com/en-us/troubleshoot/microsoftteams/teams-on-mac/teams-audio-issue-mac -
• hostname - www.teamicrosoft.com -
• FileHash-SHA256 - 65cba741fe30fa4799fb9002ea8de6d96042a59159dd7c3419c766af24c835e6 -
• FileHash-SHA1 - 0614fe623f6014bccae634e15e3c883a41aa89ee -
• hostname - www.driver-update.io -
• hostname - app.us03-slack.online -
• hostname - learn.teams.cam -
• FileHash-SHA1 - db077e20e429b93d9b1187cf09869544d83dbe02 -
• hostname - www.live.ong -
• hostname - apple.driver-hub.net -
• domain - driver-store.com -
• hostname - learn.retesta.live -
• hostname - resource.teamicrosoft.com -
• hostname - www.us03-slack.online -
• domain - slktest.live -
• FileHash-SHA256 - b6cab0b3aa8e56e2427f486c74588d598ae58bb0cbc0eda6939fe171cb0aed17 -
• IPv4 - 185.100.85.98 -
• FileHash-SHA256 - e8ee6f5145c9d503c5130bfc6585567f6e19d409158c3c0ca0b259f1875b15f4 -
• hostname - www.driver-store.com -
• domain - datahub.ink -
• hostname - windows.driver-update.io -
• hostname - my-home-company-group.slktest.live -
• FileHash-SHA256 - 3e3901519c2305fbe9d5483b7234c25c6d2b562512916481d96f26b849c39fdb -
• domain - drvstore.com -
• hostname - teams.retesta.live -
• hostname - www.bitget-meeting.com -
• domain - driver-hub.net -
• hostname - login.retesta.live -
• hostname - windows.driver-store.com -
• URL - http://89.36.224.5/troubleshoot/mac/install.sh -
• FileHash-MD5 - 425dbed05e53394a719c6e0986a9ce87 -
• domain - live.org.mx -
• domain - teams.cam -
• domain - cloud-sync.online -
• hostname - team.live.us.org -
• hostname - live.teams.cam -
• FileHash-SHA256 - 402625ec79e3573a80b6de9b33fc1e503e3c7803603cd958ddd515fb0549007c -
• hostname - windows.driver-hub.net -
• FileHash-MD5 - ce9da8845b153c5ba50281304b77969b -
• hostname - www.driver-hub.net -
• FileHash-SHA256 - 2a10ffe0367bb1b26ba2c3bc600892c21074725c0b8c9dc9161e6ceb33915460 -
• hostname - sitemaps.driver-store.com -
• hostname - login.teams.cam -
• hostname - teams.live.us.org -
• FileHash-SHA256 - d4e863f9818bfb2f1dd932df6441dff204e6142c3bdb55b298cb08dc7b6a0c62 -
• FileHash-MD5 - 860ef29773cf680ed765cb08ac3072cb -
• hostname - www.driver-updater.net -
• hostname - apple.driver-update.io -
• hostname - windows.drvstore.com -
• hostname - my-home-company-group.us03-slack.online -
• domain - teamicrosoft.com -
• domain - driver-updater.net -
• hostname - login.bitget-meeting.com -
• FileHash-SHA1 - 6ca184cb838a989220254ff1914313d774e65712 -
• hostname - www.drvstore.com -
• hostname - learn.bitget-meeting.com -
• domain - alibaba.xyz -
• FileHash-SHA256 - 0b028b781950641818800fee2b4bf68e4ef2bcee53fe71a21755275ba108783d -
• hostname - resource.bitget-meeting.com -
• hostname - www.live.us.org -
• domain - live.ong -
• hostname - www.retesta.live -
• URL - https://apple.driver-store.com/mac/intel/driver/coreaudiod -
• FileHash-SHA1 - d068b346169ced2ed677e1d4d75becf84829017f -
• FileHash-MD5 - 7bd3201946ef8b8a836bc2f951923adc -
• URL - http://alibaba.xyz/minirat -
• hostname - apple.driver-store.com -
• domain - driver-update.io -
• hostname - learn.live.ong -
• domain - bitget-meeting.com -
• FileHash-SHA1 - e581b38c6d4e659742839f3025a2add0a7e3fe60 -
• URL - https://apple.driver-update.io/troubleshoot/mac/audio-issue-fix.sh -
• FileHash-SHA256 - 0a8ab3d16b12d3a453ee5a3208fe04744ad54514ef8ea27bb8fe32679efad270 -
• FileHash-SHA1 - 2e763321936858b8a566eaadcaf5a7ce064bbad0 -

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る