According to a report by Elastic Security Labs, as relayed by Odaily, threat actors impersonated venture capital firms and, via LinkedIn and Telegram, lured targets into opening Obsidian notes containing malicious code. The attack abused Obsidian's Shell Commands plugin to execute a malicious payload when the victim opened the notes vault, without exploiting any vulnerability. The report identified PHANTOMPULSE, a previously undocumented Windows Remote Access Trojan (RAT) that carries out blockchain-based C2 communication via Ethereum transaction data. The macOS payload used an obfuscated AppleScript delivery tool and a Telegram channel as a backup C2. Elastic Defend detected and blocked the attack before PHANTOMPULSE could execute.
Hackers used the Obsidian plugin to launch the PHANTOMPULSE Trojan.
2026-04-15 06:50:41
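Because the payload ran through plugin configuration rather than a vulnerability, a vault received from an outside contact can be inspected on disk before it is opened in Obsidian. The following is an added example, not code from Elastic's report or from Obsidian: it relies on a vault keeping its settings in a `.obsidian` folder, with `community-plugins.json` listing enabled plugins and per-plugin settings in `plugins/<id>/data.json`, and it assumes the Shell Commands plugin id is `obsidian-shellcommands`. The helper names and the sample vault are constructed.

```python
import json
from pathlib import Path

# Assumption: id of the Shell Commands community plugin; adjust if it differs.
SHELL_PLUGIN_ID = "obsidian-shellcommands"


def _strings(node):
    """Yield every string value nested anywhere in a parsed JSON document."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from _strings(value)
    elif isinstance(node, list):
        for value in node:
            yield from _strings(value)


def _load(path):
    """Parse a JSON file; return None when it is missing or malformed."""
    try:
        return json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return None


def audit_vault(vault_dir, plugin_id=SHELL_PLUGIN_ID):
    """Inspect a received vault on disk, without opening it in Obsidian."""
    config = Path(vault_dir) / ".obsidian"
    enabled = _load(config / "community-plugins.json")
    enabled = [p for p in enabled if isinstance(p, str)] if isinstance(enabled, list) else []
    settings = _load(config / "plugins" / plugin_id / "data.json")
    return {
        "ships_config": config.is_dir(),  # a shared vault that brings its own settings
        "enabled_plugins": enabled,
        "shell_plugin_enabled": plugin_id in enabled,
        # Every string in the plugin settings is surfaced for review; no schema is assumed.
        "settings_strings": sorted(set(_strings(settings))) if settings is not None else [],
    }


def build_sample_vault(root):
    """Constructed sample: a vault that pre-enables the plugin with a harmless command."""
    plugin_dir = Path(root) / ".obsidian" / "plugins" / SHELL_PLUGIN_ID
    plugin_dir.mkdir(parents=True)
    (Path(root) / ".obsidian" / "community-plugins.json").write_text(json.dumps([SHELL_PLUGIN_ID]))
    (plugin_dir / "data.json").write_text(json.dumps({"commands": [{"run": "echo constructed-sample"}]}))
    return root
```

A vault from an unknown sender that reports `ships_config` and `shell_plugin_enabled` as true should be reviewed, including every entry in `settings_strings`, before anyone opens it.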
Disclaimer: This article is copyrighted by the original author and does not represent MyToken's views and positions. If you have any questions regarding content or copyright, please contact us (www.mytokencap.com).
About MyToken: https://www.mytokencap.com/en/aboutus
Article Link: https://www.mytokencap.com/en/choicenews/3167455.html