Wiz: JINX-0164 used fake LinkedIn calls and macOS malware to hijack dev CI/CD

Wiz reported on May 27, 2026 that a threat group it tracks as JINX-0164 has been approaching crypto developers on LinkedIn and luring them into fake meeting links that install macOS malware. The campaign is designed to steal credentials and take over CI/CD pipelines, and it includes a confirmed supply-chain incident involving a trojanized npm package version released on April 7, 2026.