Brief Analysis on APT Attack through Cryptocurrency Trading Software

2018-08-15 Qihoo360

http://blogs.360.cn/blog/apt-c-26/

360 Core Security attributes this cryptocurrency-sector campaign, tracked as APT-C-26 and suspected to involve Lazarus, to a trojanized digital-currency trading application named Celas Trade Pro. The attackers took the open source Qt Bitcoin Trader, bundled it with a backdoored updater, and promoted the fake trading software to cryptocurrency institutions and related individuals. Both the Windows and macOS builds of the updater collect the running process list, computer name and basic system information, encrypt the data, submit it to the attackers' server and then execute whatever code the server returns, so the "update check" doubles as the first stage of a loader. The report identifies celasllc.com/checkupdate.php and the sample hashes below as the key indicators, and reads the campaign as further evidence that cryptocurrency users and organizations remain a target for financially motivated operations.

Indicators of Compromise

Type   Value                                   First Seen   Last Seen
HASH   aeee54a81032a6321a39566f96c822f5        2018-08-15   2020-01-08
HASH   b054a7382adf6b774b15f52d971f3799        2018-08-15   2018-08-23
URL    https://www.celasllc.com/checku…        2018-08-15   2018-08-23

The two hashes are 32-character hex digests, i.e. MD5; the URL is truncated in the listing, but the body text gives the full path as celasllc.com/checkupdate.php.
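As an added example, not code from the 360 report or from the Celas samples, the following Python script turns the indicators above into a small sweep: it matches the two MD5s against a list of file hashes (case-insensitively) and scans proxy log lines for requests to the celasllc.com domain, flagging the ones that hit the checkupdate.php check-in path. The proxy log format, the log lines themselves and the file records are constructed for the example; adapt the regex to your own proxy's format.

```python
import hashlib
import re
from urllib.parse import urlparse

# Indicators taken from the page: two sample MD5s and the updater check-in URL.
IOC_MD5 = {
    "aeee54a81032a6321a39566f96c822f5",
    "b054a7382adf6b774b15f52d971f3799",
}
IOC_DOMAINS = {"celasllc.com"}
IOC_CHECKIN_PATHS = {"/checkupdate.php"}

# Constructed proxy log lines (assumption: "client timestamp method url status").
# The last line is a look-alike domain that must NOT match.
SAMPLE_PROXY_LOG = """\
10.0.0.12 2018-08-16T09:14:02Z POST https://www.celasllc.com/checkupdate.php 200
10.0.0.12 2018-08-16T09:14:05Z GET https://www.celasllc.com/ 200
10.0.0.31 2018-08-16T09:20:17Z GET https://example.com/update.php 200
10.0.0.44 2018-08-16T10:02:40Z POST http://celasllc.com.evil.example/checkupdate.php 404
"""

LOG_RE = re.compile(
    r"^(?P<src>\S+)\s+(?P<ts>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def host_matches(host, domains):
    """True if host is one of the IOC domains or a subdomain of one.
    Suffix matching on ".domain" keeps look-alikes such as
    celasllc.com.evil.example from matching."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def scan_proxy_log(text):
    """Return one hit dict per log line whose URL host is an IOC domain.
    'checkin' marks requests to the updater's checkupdate.php endpoint."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than silently match
        url = urlparse(m["url"])
        if host_matches(url.hostname or "", IOC_DOMAINS):
            hits.append({
                "src": m["src"],
                "ts": m["ts"],
                "url": m["url"],
                "checkin": url.path in IOC_CHECKIN_PATHS,
            })
    return hits


def md5_hex(data):
    """MD5 of a byte string, lower-case hex, to match the IOC table's format."""
    return hashlib.md5(data).hexdigest()


def match_hashes(records):
    """records: iterable of (name, md5_hex). Returns names whose digest is an IOC.
    Digests are normalised so upper-case or padded values from a report still match."""
    return [name for name, digest in records if digest.strip().lower() in IOC_MD5]


def scan_files(paths):
    """Hash files on disk and return the paths whose MD5 is an IOC."""
    found = []
    for path in paths:
        with open(path, "rb") as f:
            if md5_hex(f.read()) in IOC_MD5:
                found.append(path)
    return found


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        tag = "CHECK-IN" if hit["checkin"] else "domain"
        print(f"{hit['ts']} {hit['src']} {tag}: {hit['url']}")
    # Constructed file-hash records, e.g. from an EDR export.
    records = [("Updater.exe", "AEEE54A81032A6321A39566F96C822F5"),
               ("notepad.exe", "0" * 32)]
    print("hash hits:", match_hashes(records))
```

Two hosts in the sample log contain the string celasllc.com, but only the real domain and its www subdomain are reported; the suffix check in host_matches is what keeps the look-alike out. A request to the domain without the checkupdate.php path is still worth flagging, since the trojanized installer was distributed from the same site.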
