Note to Self: That Obsidian Vault Might Be Mining Your Keys Instead of Your Thoughts

Elastic Security Labs has flagged a fresh social engineering operation that's got crypto Twitter collectively clutching their hardware wallets a little tighter. The campaign, targeting folks in crypto and finance, exploits the community plugin ecosystem on the popular note-taking app Obsidian to deliver a Remote Access Trojan (RAT) that can pwn your device faster than you can say "not your keys, not your coins."

The attack chain is about as elaborate as it gets. Scammers slide into victims' LinkedIn DMs pretending to represent a venture capital firm. After some light chit-chat about "financial services" and "crypto liquidity solutions," they migrate the conversation to Telegram—because nothing screams legitimacy like moving from a professional networking site to a messaging app.

From there, targets are convinced to download Obsidian and connect to a cloud-hosted vault controlled by the attackers, who frame it as some kind of proprietary database for a shared dashboard. Once the victim opens the vault and enables community plugins sync, the trojanized plugins silently execute the attack chain. Both Windows and macOS users are affected.

The malware, dubbed "PHANTOMPULSE" by Elastic, is no joke. It's described as being "designed for stealth,