A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors.
Dubbed REF6598 by Elastic Security Labs, the activity has been found to leverage



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/04/obsidian-plugin-abuse-delivers.html