The WaveString case involved Lazarus-linked supply-chain activity around the Coinis cryptocurrency trading platform and the fake software company Celas. Kaspersky reporting described attackers stealing a code-signing certificate and using it to sign malware disguised as an OpenSSL library, then pushing malicious files through the Coinis HTS update path to reach cryptocurrency users and exchanges.