Wiz has documented JINX-0164, a previously undocumented financially-motivated threat actor targeting cryptocurrency firms via recruitment-themed social engineering and bespoke macOS malware since at least mid-2025. The chain starts with credible LinkedIn profiles offering virtual meetings; victims are steered to a rogue teleconference page that delivers a malicious 'meeting client.' A bash script then pulls AUDIOFIX, a Python-based macOS infostealer and RAT, from apple.driver-store[.]com. The payload is architecture-aware (Intel and Apple Silicon), saved as ChromeUpdater, masquerades as the system audio daemon coreaudiod, and persists via launchctl. AUDIOFIX moves laterally from developer laptops into code-distribution and CI/CD infrastructure, modifying source code to steal wallets at scale.