Hackers Exploit Obsidian Plugin to Spread PHANTOMPULSE Trojan with Blockchain C2

ETH-1.76%

Gate News message, April 15 — Elastic Security Labs disclosed that threat actors impersonated venture capital firms to lure targets via LinkedIn and Telegram into opening malicious Obsidian note vaults. The attack leveraged Obsidian's Shell Commands plugin to execute malicious payloads when victims opened the vault, requiring no vulnerability exploitation.

PHANTOMPULSE, a previously undocumented Windows remote access trojan (RAT), was discovered in the attack. It uses blockchain C2 communication via Ethereum transaction data. The macOS payload employed an obfuscated AppleScript dropper with a Telegram channel as a backup C2.

Elastic Defend detected and blocked the attack before PHANTOMPULSE execution.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments