Pass the AppleJeus

2019-10-12 Objective-see

https://objective-see.com/blog/blog_0x49.html


Objective-See analyzed a macOS backdoor that the post attributes to Lazarus and ties to the AppleJeus-style use of fake cryptocurrency trading software. The JMT Trading campaign used a legitimate-looking website and GitHub release downloads to distribute JMTTrader_Mac.dmg, which installed hidden LaunchDaemon and CrashReporter components under /Library/JMTTrader after requesting administrator privileges. The persistence plist ran CrashReporter with the Maintain argument, and the sample is described as a Mach-O 64-bit executable with an ad-hoc signature, a Chrome-like user agent, multipart form-data strings, and likely download or C2-related strings. The activity matters for DPRK-focused tracking because it shows Lazarus continuing to package macOS malware inside convincing crypto-trading applications rather than relying only on Windows payloads.

Indicators of Compromise

Type    Value                               First Seen   Last Seen
DOMAIN  beastgoc.com                        2019-10-12   2021-02-18
IPv4    185.228.83.32                       2019-10-12   2020-01-08
URL     https://www.jmttrading.org/         2019-10-12   2020-01-01
URL     https://beastgoc.com/grepmonux.…    2019-10-12   2020-01-01
HASH    74390fba9445188f2489959cb289e73…    2019-10-12   2019-10-12
