Lazarus used a fake software company called Celas to distribute a cryptocurrency trading application that covertly compromised users, according to Kaspersky Lab researchers speaking at Cyber Week 2018. The operation relied on suspicious corporate registration details and trusted-looking certificates, making it a fake supply-chain attack against cryptocurrency traders and exchanges. Kaspersky also linked Lazarus activity to the Coinis/WaveString breach, where attackers allegedly stole a company code-signing certificate and used it to sign malware disguised as an OpenSSL library and push malicious files through the Coinis HTS update path. The activity reflects Lazarus' shift from espionage toward financially motivated cybercrime targeting cryptocurrency assets.