New Social Engineering Campaign Uses Obsidian to Spread PHANTOMPULSE RAT

A novel social engineering campaign, tracked as REF6598 by Elastic Security Labs, is abusing Obsidian—a cross-platform note-taking application—to distribute PHANTOMPULSE, a previously undocumented Windows remote access trojan (RAT). The attacks specifically target individuals in the financial and cryptocurrency sectors as an initial access vector. No specific dates, CVE IDs, or technical implementation details were disclosed in the available content. The campaign leverages malicious Obsidian plugins to deploy the RAT, though further exploitation mechanisms remain unspecified. The primary impact involves unauthorized remote access to compromised systems within the targeted industries.