Cryptocurrency Trading Software APT Attack Briefing
2018-08-15 • Qihoo360 • Cryptocurrency trading software APT attack briefing
360 attributes a cryptocurrency-focused intrusion to APT-C-26, described as Lazarus, targeting digital currency organizations and related personnel. The attackers allegedly imitated the open-source Qt Bitcoin Trader application with a Windows and macOS trading tool named Celas Trade Pro that included a backdoor updater module. When launched, the software collected local details such as process lists, computer name, and system information, encrypted the data, and sent it to a remote server before receiving malicious code from the cloud. The activity matters because it shows a financially motivated Lazarus-linked shift from traditional banking targets toward cryptocurrency users and institutions.