A group active since 2023 distributes the macOS backdoor FlutterShell through Google-verified shell companies, which is signed with valid Apple IDs and can be remotely controlled in real time.
The JINX-0164 group compromises crypto developers through fake LinkedIn job interviews to deploy the Python malware AUDIOFIX, which steals passwords, SSH keys, and cryptocurrency wallet data.