Analysis of a multidimensional APT attack by the Thallium group disguised as domestic cryptocurrency wallet firmware

2020-10-16 ESTSecurity: Analysis of a multidimensional APT attack by the Thallium group disguised as domestic cryptocurrency-wallet firmware

https://blog.alyac.co.kr/3310


ESRC analyzed a Thallium-linked, multi-platform cryptocurrency-wallet campaign that combined supply-chain-style Android abuse with Windows installers disguised as legitimate domestic wallet firmware or update programs. The Android app was distributed through Google Play for a period and targeted wallet passcodes, while the Windows variants modified bundled configuration or code so that the software communicated with attacker-controlled C2 hosts such as kasse-v1.hdac-wallet[.]com, kasse.hdac-tech[.]com, update.hdac-tech[.]com, and wallet.hdac-tech[.]com. ESRC tied the Windows samples to prior Thallium activity through matching string-encryption logic and the “<*IMPOSSIBLE*>” mutex observed in malware from the preceding June. The campaign illustrates Thallium’s use of trusted cryptocurrency-software themes, direct e-mail distribution, and selective tampering of otherwise legitimate packages to steal wallet-related assets.

Indicators of Compromise

Type     Value                                  First Seen   Last Seen
IPv4     44.227.65.245                          2020-10-16   2023-06-28
IPv4     44.227.76.166                          2020-10-16   2023-06-28
DOMAIN   hdactech.info                          2020-10-16   2020-11-12
HASH     7fa4d0985ab3815937955768756e954…       2020-10-16   2020-10-16
HASH     0d93df9863f04a11e7acea7d0c50e3d…       2020-10-16   2020-10-16
DOMAIN   kasse.hdac-tech.com                    2020-10-16   2020-10-16
DOMAIN   update.hdac-tech.com                   2020-10-16   2020-10-16
DOMAIN   kasse-v1.hdac-wallet.com               2020-10-16   2020-10-16
DOMAIN   wallet.hdac-tech.com                   2020-10-16   2020-10-16
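The network indicators above are only useful once they are matched against what actually left the network. The following is an added example, not code from ESRC or the report, that takes the domains and IPs from the table (kept in the defanged form used in the summary), refangs them, and sweeps constructed dnsmasq-style query/answer lines for exact or subdomain matches while ignoring lookalike names that merely contain an indicator. The hashes are left out because the page shows them truncated; the log lines and client addresses are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List

# Network indicators from the report's IoC table. Hashes are omitted because
# the page shows them truncated. Domains are kept defanged, as in the summary,
# and refanged before matching.
DOMAIN_IOCS = [
    "hdactech[.]info",
    "kasse.hdac-tech[.]com",
    "update.hdac-tech[.]com",
    "kasse-v1.hdac-wallet[.]com",
    "wallet.hdac-tech[.]com",
]
IP_IOCS = ["44.227.65.245", "44.227.76.166"]


def refang(indicator: str) -> str:
    """Turn a defanged indicator (x[.]y, hxxp://) back into a matchable form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").lower().rstrip(".")


@dataclass
class Hit:
    line_no: int
    indicator: str
    field: str  # "domain" or "ip"


# Constructed sample log lines in a dnsmasq-like query/reply format (not from the report).
SAMPLE_LOG = """\
Oct 16 09:12:01 dns query[A] www.example.com from 10.0.0.12
Oct 16 09:12:04 dns query[A] kasse-v1.hdac-wallet.com from 10.0.0.12
Oct 16 09:12:04 dns reply kasse-v1.hdac-wallet.com is 44.227.65.245
Oct 16 09:13:10 dns query[A] cdn.update.hdac-tech.com from 10.0.0.33
Oct 16 09:14:22 dns query[A] hdactech.info.example.org from 10.0.0.9
Oct 16 09:15:00 dns reply mirror.example.net is 44.227.76.166
"""

_DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)
_IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def domain_matches(observed: str, ioc: str) -> bool:
    """True for the indicator itself or any subdomain of it.

    A name that merely contains the indicator (hdactech.info.example.org)
    is not a match, which avoids false positives on unrelated lookalikes.
    """
    observed = observed.lower().rstrip(".")
    return observed == ioc or observed.endswith("." + ioc)


def scan_log(lines: Iterable[str]) -> List[Hit]:
    """Return one Hit per (line, indicator) pair found in the log lines."""
    domains = [refang(d) for d in DOMAIN_IOCS]
    ips = set(IP_IOCS)
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        for observed in _DOMAIN_RE.findall(line):
            for ioc in domains:
                if domain_matches(observed, ioc):
                    hits.append(Hit(n, ioc, "domain"))
                    break
        for ip in _IP_RE.findall(line):
            if ip in ips:
                hits.append(Hit(n, ip, "ip"))
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG.splitlines()):
        print(f"line {h.line_no}: {h.field} indicator {h.indicator}")
```

Running the script reports five hits: the two queries and the reply for the hdac-wallet and hdac-tech domains (the cdn. prefix still matches as a subdomain) plus the two resolver answers that returned the listed IPs; the lookalike hdactech.info.example.org is correctly ignored. In practice the same matching would be run over DNS, proxy or firewall exports for the report's window, with the First Seen and Last Seen dates bounding the search.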
