Crypto Community Faces New Obsidian Plugin Scam

Paragraph 1 A fresh trick has emerged in the crypto world. Scammers are using a note‑taking app called Obsidian to hide malware inside what looks like helpful plugins. The goal is to steal control of victims’ computers. Paragraph 2 The scheme begins on social media. Attackers pose as venture capitalists and chat with targets on LinkedIn. They then move the conversation to Telegram, where they claim to offer crypto‑liquidity services. This gives them a believable business reason to talk. Paragraph 3 In the next step, the scammers ask users to open a shared cloud vault in Obsidian. They say it is their company’s dashboard and give the victim a login. When the vault opens, the user is prompted to enable community plugins. Paragraph 4 Once the plugins are activated, hidden code runs silently. The malware is a remote‑access trojan that Elastic Security Labs calls “PHANTOMPULSE. ” It works on both Windows and macOS. The program is designed to stay hidden, keep running, and let the attacker control the device.Paragraph 5 PHANTOMPULSE uses a clever command‑and‑control system. It connects to at least three different blockchain networks. The malware looks for a specific wallet’s transaction data to find its instructions, so it can operate even if one network is blocked. This makes the attack hard to shut down. Paragraph 6 Security researchers stopped the attacks, but they warned that this method shows how attackers can exploit legitimate tools. They urged crypto and finance firms to monitor which plugins are allowed in productivity apps. A strict policy can help prevent similar scams. Paragraph 7 Overall, the incident reminds everyone that tools meant for work can become weapons. Being cautious about who you talk to online and what software you install is essential, especially in the crypto space where losses cannot be reversed.