Cybersecurity experts are warning cryptocurrency users of a sophisticated new scam utilizing the popular note-taking application Obsidian. Attackers are luring victims through elaborate social engineering on platforms like LinkedIn and Telegram. They convince individuals to install malicious community plugins within Obsidian, which then secretly execute malware.

This malware, dubbed "PHANTOMPULSE" by Elastic Security Labs, allows attackers to gain full control over a victim's Windows or macOS device. The scam operates by having victims connect to a cloud-hosted vault controlled by the attackers. Once a user enables community plugin synchronization, the trojanized plugins silently run the attack chain. The malware uses decentralized command-and-control mechanisms across multiple blockchain networks, making it difficult to trace and block. Financial and crypto firms are advised to implement strict app-level plugin policies to defend against such evolving threats.
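One way to back an app-level plugin policy with a check is to inventory the community plugins present in each vault on a workstation and flag anything outside an approved list. The script below is an added example, not code from the article or from Elastic Security Labs. It assumes vaults use Obsidian's default `.obsidian` configuration folder; the allowlist entries and the sample vault are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Hypothetical organisation allowlist of approved community plugin IDs.
ALLOWED_PLUGINS = {"dataview", "calendar"}

def audit_vault(vault, allowed=ALLOWED_PLUGINS):
    """Return findings for enabled or installed plugins outside the allowlist."""
    cfg = Path(vault) / ".obsidian"  # default config folder name (assumption)
    enabled = set()
    listing = cfg / "community-plugins.json"  # JSON array of enabled plugin IDs
    if listing.is_file():
        try:
            data = json.loads(listing.read_text(encoding="utf-8"))
            enabled = {p for p in data if isinstance(p, str)}
        except (ValueError, OSError, TypeError):
            return [{"vault": str(vault), "plugin": None, "issue": "unreadable plugin list"}]
    plugins_dir = cfg / "plugins"
    installed = {d.name for d in plugins_dir.iterdir() if d.is_dir()} if plugins_dir.is_dir() else set()
    findings = []
    for pid in sorted((enabled | installed) - set(allowed)):
        main_js = plugins_dir / pid / "main.js"
        # Hash the plugin code so the same build can be matched across hosts.
        digest = hashlib.sha256(main_js.read_bytes()).hexdigest() if main_js.is_file() else None
        findings.append({"vault": str(vault), "plugin": pid,
                         "issue": "enabled" if pid in enabled else "installed, not enabled",
                         "sha256": digest})
    return findings

def find_vaults(root):
    """Return directories under root that contain an .obsidian folder."""
    return [c.parent for c in Path(root).rglob(".obsidian") if c.is_dir()]

def build_sample(root):
    """Constructed sample vault: one approved plugin, one unapproved."""
    vault = Path(root) / "shared-vault"
    for pid in ("dataview", "unknown-sync-helper"):
        d = vault / ".obsidian" / "plugins" / pid
        d.mkdir(parents=True)
        (d / "main.js").write_text("/* constructed placeholder */", encoding="utf-8")
    (vault / ".obsidian" / "community-plugins.json").write_text(
        json.dumps(["dataview", "unknown-sync-helper"]), encoding="utf-8")
    return vault

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print([f for v in find_vaults(tmp) for f in audit_vault(v)])
```

Pointing `find_vaults` at a user's home directory and running `audit_vault` on each result gives a per-host report that can be compared against the approved plugin list.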