APT38 Attacks A CEO by MacOS Malware

2024-12-30 Mamun

https://medium.com/@alfalahum/apt38-attacks-a-ceo-by-macos-malware-0c089cd2a935

The source describes an APT38 (Lazarus)-attributed social-engineering operation that targeted a CEO over Discord and lured them into downloading a fake online-meeting client. The download flow used a passcode-protected page and delivered a small macOS DMG containing a Bash script and an embedded Mach-O binary named .WaveCall. The malware used osascript to execute its payloads, hid the Terminal window, attempted to read Chrome's saved passwords from the Keychain, and repeatedly prompted the user for credentials when access was denied. It also enumerated a long list of Chrome extension IDs associated with cryptocurrency wallets, making the case relevant to tracking DPRK credential and crypto-asset theft on macOS.

Indicators of Compromise

Type   Value          First Seen   Last Seen
IPv4   141.98.9.202   2024-12-30   2024-12-30
