Tags: malware, high, Remote Access Trojan, Social Engineering, Targeted Attack, PHANTOMPULSE

Apr 16, 2026 • The Hacker News

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

Source: The Hacker News
Category: malware
Severity: high

Executive Summary

Elastic Security Labs has uncovered a novel social engineering campaign, tracked as REF6598, that exploits the Obsidian note-taking application as an initial access vector to deliver a previously undocumented Windows RAT named PHANTOMPULSE. The campaign specifically targets individuals in the financial and cryptocurrency sectors. PHANTOMPULSE is a new remote access trojan capable of granting threat actors persistent access to compromised systems, enabling data collection and command execution. Organizations in targeted sectors should exercise caution with file attachments or links related to Obsidian, implement robust email security controls, and ensure security awareness training addresses social engineering tactics leveraging legitimate productivity tools.

Summary

A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors. Dubbed REF6598 by Elastic Security Labs, the activity has been found to leverage

Linked Entities

  • PHANTOMPULSE