• Latest
Mac malware campaign targets crypto coders — Arabian Post

Mac malware campaign targets crypto coders — Arabian Post

May 29, 2026
SACM orders crackdown on illegal construction across Galiyat

SACM orders crackdown on illegal construction across Galiyat

July 13, 2026
Disney’s ‘Moana’ makes an underwhelming splash at box office

Disney’s ‘Moana’ makes an underwhelming splash at box office

July 13, 2026
Singaporean asks why companies pay new hires 20% more while loyal employees get 2% to 4% raises

Singaporean asks why companies pay new hires 20% more while loyal employees get 2% to 4% raises

July 13, 2026
Carlyle Consortium set to take control of defence parts supplier Micropack

Carlyle Consortium set to take control of defence parts supplier Micropack

July 13, 2026
Clavicular cuts a path across Tel Aviv, dividing pro-Israel influencers over his record of antisemitism

Clavicular cuts a path across Tel Aviv, dividing pro-Israel influencers over his record of antisemitism

July 13, 2026
Lindsey Graham Championed Israel, Even as Wars Eroded American Support

Lindsey Graham Championed Israel, Even as Wars Eroded American Support

July 13, 2026
Five workers killed by India-backed terrorists in Balochistan’s Mashkel

Five workers killed by India-backed terrorists in Balochistan’s Mashkel

July 13, 2026
Typhoon Bavi Hits China, Causing Evacuations, Floods and Flight Delays

Typhoon Bavi Hits China, Causing Evacuations, Floods and Flight Delays

July 13, 2026
Vatican ambassador visits Israel Museum’s archaeology wing

Vatican ambassador visits Israel Museum’s archaeology wing

July 12, 2026
Trump aide Graham, who backed tariffs on India, passes away

Trump aide Graham, who backed tariffs on India, passes away

July 12, 2026
Man urges Novena Square 2 to install urinal dividers after cramped layout raises privacy concerns

Man urges Novena Square 2 to install urinal dividers after cramped layout raises privacy concerns

July 12, 2026
De Beyrouth à l’académie française, Amin Maalouf

De Beyrouth à l’académie française, Amin Maalouf

July 13, 2026
Monday, July 13, 2026
  • About us
  • Advertise with us
  • Submit Articles
  • Privacy Policy
  • Contact us
Asia Today
No Result
View All Result
Subscribe
  • Login
  • Eastern Asia
    • China
    • Japan
    • Mongolia
    • North Korea
    • South Korea
  • South-eastern Asia
    • Brunei
    • Cambodia
    • Indonesia
    • Laos
    • Malaysia
    • Myanmar
    • Philippines
    • Singapore
    • Thailand
    • Timor Leste
    • Vietnam
  • Southern Asia
    • Afghanistan
    • Bangladesh
    • Bhutan
    • India
    • Iran
    • Maldives
    • Nepal
    • Pakistan
    • Sri Lanka
  • Central Asia
    • Kazakhstan
    • Kyrgyzstan
    • Tajikistan
    • Turkmenistan
    • Uzbekistan
  • Western Asia
    • Armenia
    • Azerbaijan
    • Bahrain
    • Cyprus
    • Georgia
    • Iraq
    • Israel
    • Jordan
    • Kuwait
    • Lebanon
    • Oman
    • Qatar
    • Saudi Arabia
    • State of Palestine
    • Syria
    • Turkey
    • United Arab Emirates
    • Yemen
  • More News
    • Opinion
    • Politics
    • Business
    • Entertainment
    • Fashion
    • Food
    • Health
    • Lifestyle
    • Science
    • Tech
    • Sports
  • Eastern Asia
    • China
    • Japan
    • Mongolia
    • North Korea
    • South Korea
  • South-eastern Asia
    • Brunei
    • Cambodia
    • Indonesia
    • Laos
    • Malaysia
    • Myanmar
    • Philippines
    • Singapore
    • Thailand
    • Timor Leste
    • Vietnam
  • Southern Asia
    • Afghanistan
    • Bangladesh
    • Bhutan
    • India
    • Iran
    • Maldives
    • Nepal
    • Pakistan
    • Sri Lanka
  • Central Asia
    • Kazakhstan
    • Kyrgyzstan
    • Tajikistan
    • Turkmenistan
    • Uzbekistan
  • Western Asia
    • Armenia
    • Azerbaijan
    • Bahrain
    • Cyprus
    • Georgia
    • Iraq
    • Israel
    • Jordan
    • Kuwait
    • Lebanon
    • Oman
    • Qatar
    • Saudi Arabia
    • State of Palestine
    • Syria
    • Turkey
    • United Arab Emirates
    • Yemen
  • More News
    • Opinion
    • Politics
    • Business
    • Entertainment
    • Fashion
    • Food
    • Health
    • Lifestyle
    • Science
    • Tech
    • Sports
No Result
View All Result
Morning News
No Result
View All Result
Home Western Asia United Arab Emirates

Mac malware campaign targets crypto coders — Arabian Post

by Asia Today Team
May 29, 2026
in United Arab Emirates
Reading Time: 3 mins read
21 1
A A
0
Mac malware campaign targets crypto coders — Arabian Post
25
SHARES
308
VIEWS
Share on FacebookShare on Twitter

READ ALSO

UAE intercepts Iranian missiles and drones — Arabian Post

US eases technology and defence exports to UAE — Arabian Post


Cryptocurrency builders have change into the main focus of a brand new macOS-focused cyber marketing campaign that makes use of faux recruiter approaches, malicious assembly hyperlinks and compromised software program pipelines to steal digital belongings and unfold malware via trusted inner methods.

The exercise is being tracked as JINX-0164, a beforehand unreported financially motivated menace actor lively since at the least mid-2025. Investigators discovered that the group has focused cryptocurrency organisations by approaching builders and workers via credible LinkedIn profiles, then steering them in direction of bogus on-line assembly platforms or job-related technical duties that result in malware set up.

The marketing campaign marks a shift from standard credential theft in direction of deeper assaults on growth infrastructure. As soon as a developer’s workstation is compromised, the attacker seeks entry to inner repositories, construct methods and code distribution channels, turning the sufferer’s personal engineering atmosphere right into a path for wider an infection. At the least one intrusion unfolded over about two weeks, starting with social engineering and ending with malicious source-code modifications designed to compromise extra endpoints.

The malware on the centre of the marketing campaign is AUDIOFIX, a Python-based macOS stealer and distant entry trojan. It’s delivered via scripts hosted on spoofed infrastructure that mimics trusted expertise companies, together with faux Apple-related domains. The payload is constructed to run on each Intel and Apple Silicon machines, rising its usefulness in opposition to developer groups that rely closely on macOS laptops.

After execution, AUDIOFIX makes an attempt to assemble credentials from macOS Keychain recordsdata, browser shops, password managers, native administrator accounts, SSH keys, configuration recordsdata, shell historical past and cryptocurrency pockets information. It additionally targets periods from communications platforms akin to Slack, Discord and Telegram, giving the attacker potential entry to group discussions, engineering channels and operational particulars. Cloud secrets and techniques, together with credentials linked to AWS, Google Cloud, Azure and Cloudflare, are additionally among the many materials sought.

The attacker’s behaviour reveals a selected curiosity in software program growth pipelines reasonably than broad cloud exploitation. Though some cloud sign-in makes an attempt had been noticed, the first goal gave the impression to be the abuse of Git repositories and CI/CD methods. In a single case, the actor injected AUDIOFIX into inner repositories, altered committer names and e mail fields to impersonate different builders, pushed code on to predominant branches the place protections had been weak, and hijacked present branches when direct entry was unavailable.

This method will increase the danger of secondary infections as a result of workers who pull code or construct from compromised repositories could unknowingly execute the malware. It additionally creates a possible route into supply-chain assaults, the place malicious code will be distributed via respectable channels and seem to return from trusted inner groups.

JINX-0164 has additionally been linked to MiniRAT, a Go-based backdoor distributed earlier via a compromised model of the npm bundle @velora-dex/sdk, a toolkit related to decentralised finance exercise. That episode underlined the broader danger dealing with Web3 and crypto builders, who usually rely upon open-source packages, automated builds and fast deployment workflows.

The marketing campaign resembles techniques utilized by a number of North Korea-linked clusters which have focused cryptocurrency staff via faux jobs, coding assessments and video-call lures. Nevertheless, investigators haven’t established sufficient proof to hyperlink JINX-0164 to a state sponsor. The dearth of infrastructure overlap with publicly tracked teams has stored attribution cautious, despite the fact that the sector focus and social-engineering strategies are acquainted to menace hunters.

Using recruiter themes stays efficient as a result of builders are accustomed to technical screening, code challenges and on-line conferences. Attackers exploit that routine by presenting malicious downloads as assembly fixes, drivers or venture dependencies. The method is especially harmful in cryptocurrency corporations, the place developer machines could maintain pockets information, deployment keys, alternate credentials and entry to delicate repositories.

The findings add to rising concern over developer workstations as a part of the software program provide chain. Safety groups have historically targeted on cloud environments, manufacturing servers and perimeter controls, however the marketing campaign reveals how a single laptop computer can change into a bridge into supply code, secrets and techniques and launch methods. Sturdy department safety, verified commits, hardware-backed keys, endpoint monitoring, restricted token scopes and tighter assessment of CI/CD secrets and techniques have change into central defensive measures.

For cryptocurrency corporations, the fast danger isn’t restricted to stolen wallets. A compromised developer account can expose personal repositories, inner tooling, customer-facing code and bundle publishing rights. That mixture can enable attackers to maneuver from particular person theft to broader ecosystem compromise, particularly the place launch pipelines lack separation of duties or the place automated methods settle for code modifications with restricted scrutiny.



Source link

Tags: ArabiancampaigncoderscryptoMacmalwarePosttargets

Related Posts

UAE intercepts Iranian missiles and drones — Arabian Post
United Arab Emirates

UAE intercepts Iranian missiles and drones — Arabian Post

July 12, 2026
US eases technology and defence exports to UAE — Arabian Post
United Arab Emirates

US eases technology and defence exports to UAE — Arabian Post

July 12, 2026
AI-built malware maps corporate networks during intrusion — Arabian Post
United Arab Emirates

AI-built malware maps corporate networks during intrusion — Arabian Post

July 11, 2026
Emrill opens central warehouse to sharpen Dubai operations — Arabian Post
United Arab Emirates

Emrill opens central warehouse to sharpen Dubai operations — Arabian Post

July 10, 2026
Belgium rises to third in EU air freight — Arabian Post
United Arab Emirates

Belgium rises to third in EU air freight — Arabian Post

July 10, 2026
5 Law Firms Making a Difference in San Diego — Arabian Post
United Arab Emirates

5 Law Firms Making a Difference in San Diego — Arabian Post

July 9, 2026
Asia Today

Copyright © 2022 Asia Today.

Navigate Site

  • Disclaimer
  • Privacy Policy
  • Cookie Privacy Policy
  • DMCA
  • Terms and Conditions
  • Contact us

Follow Us

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Homepages
  • World
  • Eastern Asia
    • China
    • Japan
    • Mongolia
    • North Korea
    • South Korea
  • South-eastern Asia
    • Brunei
    • Cambodia
    • Indonesia
    • Laos
    • Malaysia
    • Myanmar
    • Philippines
    • Singapore
    • Thailand
    • Timor Leste
    • Vietnam
  • Southern Asia
    • Afghanistan
    • Sri Lanka
    • Bangladesh
    • Bhutan
    • India
    • Iran
    • Maldives
    • Nepal
    • Pakistan
    • Central Asia
    • Kazakhstan
    • Kyrgyzstan
    • Tajikistan
    • Turkmenistan
    • Uzbekistan
  • Western Asia
    • Armenia
    • Azerbaijan
    • Bahrain
    • Cyprus
    • Georgia
    • Iraq
    • Israel
    • Jordan
    • Kuwait
    • Lebanon
    • Oman
    • Qatar
    • Saudi Arabia
    • State of Palestine
    • Syria
    • Turkey
    • United Arab Emirates
    • Yemen
  • Opinion
  • Politics
  • Business
  • Entertainment
  • Fashion
  • Food
  • Health
  • Lifestyle
  • Science
  • Tech
  • Travel
  • Sports
  • About us
  • Advertise with us
  • Privacy Policy
  • Contact us
  • Support AsiaToday

Copyright © 2022 Asia Today.