The APT-C-26 (Lazarus) group has been observed using Electron-packaged malicious programs disguised as cryptocurrency trading tools to target individuals in the cryptocurrency industry. The attack involves a multi-stage process, including the use of poisoned open-source projects, obfuscated malicious code, and various downloaders to steal sensitive information and cryptocurrency wallet data. The group demonstrates sophisticated techniques, including strong code obfuscation and multi-platform attack capabilities. The malware performs functions such as host monitoring, file theft, and browser data exfiltration. The analysis reveals similarities with previous Lazarus campaigns, including the use of Python and JavaScript-based tools, as well as consistent C&C server patterns.