This campaign involves Lazarus Group targeting users with spearphishing emails, then installing a set of malicious apps called “TraderTraitor” that disguise themselves as a legitimate cryptocurrency trading application. The ultimate goal is conducting fraudulent activities on the blockchain, often stealing users’ cryptocurrency wallets. Ref https://duo.com/decipher/cisa-lazarus-apt-targeting-blockchain-orgs-with-tradertraitor-malware