GBHackers

Hackers Exploit Obsidian Plugin to Deploy Cross-Platform Malware


Hackers are abusing Obsidian’s Shell Commands plugin and shared cloud vaults to deliver a new cross‑platform malware chain that ends with the PHANTOMPULSE remote access trojan.

Attackers pose as a venture capital firm targeting financial and cryptocurrency professionals, first engaging over LinkedIn and then moving conversations to Telegram group chats with multiple fake “partners” to build credibility.

Victims are asked to use Obsidian as the firm’s “management database”. They are given credentials to an attacker‑controlled cloud vault, framed as a shared dashboard.

Once the vault is opened, the attackers instruct targets to enable Obsidian’s community plugin sync, a setting that is turned off by default and not propagated automatically between devices.

Execution chain diagram (Source: Elastic Security Labs).

Elastic Security Labs has identified a novel social engineering campaign that abuses the popular note-taking application, Obsidian, as an initial access vector.

When enabled, the malicious configuration for the Shell Commands plugin, together with a cosmetic Hider plugin that hides UI elements to reduce suspicion, is synced into the victim’s environment and executes without further user interaction on the next trigger.

Abusing Obsidian plugins

Elastic’s telemetry first flagged suspicious PowerShell spawned directly from the legitimate Obsidian binary, ruling out a simple trojanized executable and pointing instead to a plugin‑driven attack surface.


Process visualization with Elastic XDR (Source: Elastic Security Labs).

Analysis of the synced vault’s .obsidian directory showed a configured Shell Commands plugin capable of running arbitrary, platform‑specific commands on events such as vault open or app startup.
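A defender-side audit of a synced vault's .obsidian directory, as an added example that is not from the article or from Elastic: it assumes the Shell Commands plugin keeps its configuration in plugins/obsidian-shellcommands/data.json with shell_commands, platform_specific_commands and events keys (the plugin directory name, key names and event name are assumptions), and flags any platform-specific command that invokes encoded PowerShell or osascript, decoding the embedded Base64 so an analyst can read the payload.

```python
"""Audit a vault's .obsidian directory for Shell Commands entries that launch encoded
interpreters (added example; plugin id, data.json keys and event names are assumptions)."""
import base64, json, re, tempfile
from pathlib import Path

SHELL_PLUGIN = "obsidian-shellcommands"  # assumed plugin directory name
# Interpreter invocations matching the article's Windows and macOS chains.
SUSPICIOUS = re.compile(r"powershell(\.exe)?\b.*\s-(e|ec|enc|encodedcommand)\b|\bosascript\b", re.I)
B64_BLOB = re.compile(r"[A-Za-z0-9+/=]{40,}")

def decode_blobs(cmd: str) -> list:
    """Best-effort decode of long Base64 runs embedded in a command line."""
    out = []
    for blob in B64_BLOB.findall(cmd):
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:
            continue
        # PowerShell -enc payloads are UTF-16LE: odd bytes are NUL for ASCII text.
        enc = "utf-16-le" if raw[1::2].count(0) > len(raw) // 4 else "utf-8"
        out.append(raw.decode(enc, errors="replace"))
    return out

def audit_vault(vault: Path) -> list:
    """One finding per platform-specific command that looks like a stager."""
    cfg = vault / ".obsidian"
    enabled_file, data = cfg / "community-plugins.json", cfg / "plugins" / SHELL_PLUGIN / "data.json"
    enabled = json.loads(enabled_file.read_text()) if enabled_file.exists() else []
    if SHELL_PLUGIN not in enabled or not data.exists():
        return []  # plugin not enabled in this vault, or its config never synced
    findings = []
    for sc in json.loads(data.read_text()).get("shell_commands", []):
        for platform, cmd in sc.get("platform_specific_commands", {}).items():
            if cmd and SUSPICIOUS.search(cmd):
                findings.append({"id": sc.get("id"), "platform": platform,
                                 "events": sorted(sc.get("events", {})), "decoded": decode_blobs(cmd)})
    return findings

def demo() -> list:
    """Write a constructed vault to a temp dir and audit it (sample values only)."""
    with tempfile.TemporaryDirectory() as tmp:
        plug = Path(tmp, ".obsidian", "plugins", SHELL_PLUGIN)
        plug.mkdir(parents=True)
        Path(tmp, ".obsidian", "community-plugins.json").write_text(json.dumps([SHELL_PLUGIN, "hider"]))
        ps = base64.b64encode("Write-Host constructed-sample".encode("utf-16-le")).decode()
        osa = base64.b64encode(b'display notification "constructed"').decode()
        (plug / "data.json").write_text(json.dumps({"shell_commands": [{
            "id": "sample1", "events": {"after-obsidian-starts": {"enabled": True}},
            "platform_specific_commands": {"win32": f"powershell -nop -w hidden -enc {ps}",
                                           "darwin": f"echo {osa} | base64 --decode | osascript"}}]}))
        return audit_vault(Path(tmp))
```

Point audit_vault() at a real vault root to review what a shared vault would execute before enabling community plugin sync on a new device.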

PHANTOMPULSE is a feature‑rich Windows RAT that appears heavily AI‑assisted, with unusually verbose, step‑labeled debug strings and a polished “Phantom Panel” web interface exposed behind Cloudflare.

In the REF6598 case, the Windows command chain used Base64‑encoded PowerShell that downloaded a second‑stage script from 195.3.222[.]251, which in turn fetched a loader binary called syncobs.exe (PHANTOMPULL) and reported detailed execution status back to the same C2.

This approach keeps the core payload inside JSON configuration and memory‑only loaders, making traditional signature‑based and file‑centric defenses far less effective.

PHANTOMPULL is a 64‑bit Windows loader that decrypts an embedded AES‑256‑CBC encrypted PE from its resources and reflectively loads it, then retrieves the PHANTOMPULSE RAT over HTTPS from panel.fefea22134[.]net.

Everything appeared to be a clean, legitimate Obsidian installation with no third-party code. At that point, we decided to install Obsidian ourselves and explore what options an attacker could abuse to achieve command execution.


Obsidian menu to open a remote vault (Source: Elastic Security Labs).

It uses runtime API hashing, fake “integrity” checks, dead code and timer‑queue callbacks to complicate analysis and evade simple sandbox heuristics.

Notably, it resolves its live C2 endpoint via Ethereum‑compatible Blockscout explorers, decoding URLs from on‑chain transaction input data tied to a hardcoded wallet. Because it does not validate the transaction sender, defenders who know the wallet and the XOR scheme can hijack C2 resolution by publishing their own sinkhole transaction.

macOS chain and Telegram-based fallback

On macOS, the Shell Commands plugin runs a Base64‑encoded AppleScript via osascript that sets up a persistent LaunchAgent and then executes a heavily obfuscated AppleScript dropper.

The synced vault on the VM received the base configuration files (app.json, appearance.json, core-plugins.json, workspace.json), but notably the plugins/ directory and community-plugins.json were absent entirely.

.obsidian folder content (Source: Elastic Security Labs).

The dropper builds all sensitive strings at runtime, uses numerous decoy variables, and implements layered C2 discovery: first probing a list of hardcoded domains (such as 0x666[.]info), then scraping a public Telegram channel as a dead‑drop fallback if those hosts are unavailable.

Once a C2 is resolved, the macOS script posts victim identifiers to the server and pipes the response straight back into osascript, creating an in‑memory multi‑stage chain similar in spirit to the Windows loader path.

At analysis time the macOS C2 infrastructure was offline, but the design clearly mirrors the Windows focus on stealthy staging, flexible C2 rotation, and minimal on‑disk artifacts.

Elastic Defend blocked the REF6598 intrusion at an early stage by detecting anomalous PowerShell spawned from Obsidian, preventing PHANTOMPULSE from fully deploying on the observed host.

Organizations in financial and cryptocurrency sectors should treat “trusted” productivity tools like Obsidian as potential execution surfaces, monitor for unusual child processes from them, and enforce strict plugin policies and user training around shared vaults and community plugin sync.
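The telemetry signal Elastic describes above, Obsidian spawning a shell interpreter, as an added detection example that is not Elastic's own rule logic: it runs over constructed NDJSON process-creation events with assumed field names (host, parent_name, name, cmdline) and raises severity when the command line carries encoded PowerShell or a piped Base64 decode, the two patterns the Windows and macOS chains share.

```python
"""Flag shell interpreters spawned by Obsidian in process-creation telemetry.
Added example over constructed NDJSON events; field names are assumptions and
this is not Elastic's rule logic."""
import json
import re

OBSIDIAN = {"obsidian.exe", "obsidian"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "osascript", "sh", "bash", "zsh"}
# Encoded PowerShell or a piped base64 decode raises severity: both appear in the article's chains.
ENCODED = re.compile(r"-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}|base64\s+(-d|--decode)", re.I)

def classify(event: dict):
    """Return an alert dict for an Obsidian -> interpreter spawn, else None."""
    parent = event.get("parent_name", "").lower()
    child = event.get("name", "").lower()
    if parent not in OBSIDIAN or child not in INTERPRETERS:
        return None
    severity = "high" if ENCODED.search(event.get("cmdline", "")) else "medium"
    return {"host": event.get("host"), "child": child, "severity": severity,
            "rule": "obsidian_spawns_shell_interpreter"}

def scan(ndjson: str) -> list:
    """Run classify() over newline-delimited JSON events, skipping malformed lines."""
    alerts = []
    for line in ndjson.splitlines():
        try:
            alert = classify(json.loads(line))
        except ValueError:
            continue
        if alert:
            alerts.append(alert)
    return alerts

# Constructed sample telemetry (hostnames, paths and blobs are made up).
SAMPLE = "\n".join(json.dumps(e) for e in [
    {"host": "win-01", "parent_name": "Obsidian.exe", "name": "powershell.exe",
     "cmdline": "powershell -nop -w hidden -enc QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo="},
    {"host": "win-01", "parent_name": "Obsidian.exe", "name": "Obsidian.exe",
     "cmdline": "Obsidian.exe --type=renderer"},
    {"host": "mac-01", "parent_name": "Obsidian", "name": "sh",
     "cmdline": "sh -c 'echo ZGlzcGxheSBkaWFsb2cgInNhbXBsZSI= | base64 --decode | osascript'"},
    {"host": "mac-01", "parent_name": "Obsidian", "name": "osascript",
     "cmdline": "osascript -e 'display notification \"hello\"'"},
    {"host": "win-02", "parent_name": "explorer.exe", "name": "powershell.exe",
     "cmdline": "powershell -File C:\\Users\\sample\\script.ps1"},
])

def alert_severities() -> list:
    """Severities in event order for the constructed sample."""
    return [a["severity"] for a in scan(SAMPLE)]
```

The renderer child process and the explorer-launched PowerShell produce no alert, which is the distinction that keeps this rule quiet on normal Obsidian usage.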
