Hackers use Obsidian to spread PHANTOMPULSE Trojan horse

Elastic Security Labs has revealed that hackers disguised themselves as venture capital firms through LinkedIn and Telegram, luring targets into opening Obsidian note libraries containing malicious payloads and deploying a new Windows Trojan, PHANTOMPULSE. Attacking and abusing the Obsidian plugin to automatically execute malicious code, macOS uses obfuscation AppleScript, and Windows uses Ethereum transaction data to parse blockchain based C2 addresses.