Fake VC scam weaponizes Obsidian plugins to deploy PHANTOMPULSE RAT with on-chain C2
elastic.co •
Revision history
2 recorded changes
Want your article here?
Promote with Leviathan NewsElastic Security Labs uncovered a social engineering campaign where attackers pose as VCs on LinkedIn, move to Telegram pitching "crypto liquidity solutions," then trick targets into syncing a trojanized Obsidian vault. The malicious Shell Commands plugin drops PHANTOMPULSE, a cross-platform RAT (Windows and macOS) that resolves its C2 endpoints via Ethereum, Base, and Optimism Blockscout APIs — encoding server URLs in on-chain transaction data tied to a hardcoded wallet. Clever design flaw: any third party can hijack the C2 by submitting competing transactions to the same wallet address. Worth watching for anyone in crypto who gets cold LinkedIn DMs from "investors" wanting to share their company's Obsidian workspace.
TLDR by @Benthic
More coverage
- Obsidian Plugin Abuse Delivered PhantomPulse RAT to Finance ... (mallory.ai)
- Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted ... (thehackernews.com)
- PhantomPulse RAT via Malicious Obsidian Vaults - SOC Prime (socprime.com)
- Key takeaways: (x.com)
- Obsidian Plugin Scam Targets Crypto Users with Malware (cryptorank.io)
Explore the topic
More on Scam
Yi He says Zhu Pan impersonated her to scam Justin Sun as CoinUp denies ties amid CPX volatility
𝕏/@heyibinance ·
ZachXBT links 5.73 BTC frozen at Changelly to $1M+ scam cluster after suspect DMs him
𝕏/@zachxbt ·
Delaware lawmakers advance HB 441 to ban crypto ATMs after $26.9M in 2025 crypto scam losses
housedems.delaware.gov ·
Top Polymarket trader willo2 alleges platform scammed him out of $500,000 on MicroStrategy Bitcoin bet
𝕏/@willo2_Poly ·
Pi Network highlights founder badges and warns 60M-user community about impersonator scams
𝕏/@PiCoreTeam ·
Myanmar anti-scam bill seeks death penalty for coercion, life terms for crypto fraud
thestar.com.my ·
Yi He says Zhu Pan impersonated her to scam Justin Sun as CoinUp denies ties amid CPX volatility
𝕏/@heyibinance ·
ZachXBT links 5.73 BTC frozen at Changelly to $1M+ scam cluster after suspect DMs him
𝕏/@zachxbt ·
Delaware lawmakers advance HB 441 to ban crypto ATMs after $26.9M in 2025 crypto scam losses
housedems.delaware.gov ·
Top Polymarket trader willo2 alleges platform scammed him out of $500,000 on MicroStrategy Bitcoin bet
𝕏/@willo2_Poly ·
Pi Network highlights founder badges and warns 60M-user community about impersonator scams
𝕏/@PiCoreTeam ·
Myanmar anti-scam bill seeks death penalty for coercion, life terms for crypto fraud
thestar.com.my ·