According to Huoxun Finance, security research firm Elastic Security Labs disclosed a new social engineering campaign targeting individuals in the finance and cryptocurrency industries. Attackers impersonated venture capital firms on LinkedIn and Telegram, tricking targets into opening Obsidian notes containing a malicious payload. This led to the deployment of PHANTOMPULSE, a previously undetected Windows remote access trojan (RAT). The attack does not exploit any software vulnerability; instead, it abuses Obsidian's Shell Commands plugin to automatically execute malicious code when the notes library is opened. On macOS, an obfuscated AppleScript dropper is used, with a Telegram channel serving as a backup command-and-control (C2) server. On Windows, Ethereum transaction data is used for blockchain-based C2 address resolution.
Security agencies: Hackers are using Obsidian to spread the PHANTOMPULSE Trojan.
2026-04-15 07:07:02
About MyToken: https://www.mytokencap.com/en/aboutus
Article Link: https://www.mytokencap.com/en/choicenews/3167743.html