Campaign REF6598 uses malicious shared Obsidian vaults to deliver PHANTOMPULSE RAT to finance and crypto targets on Windows and macOS.
Key Takeaways
Attack flow: LinkedIn/Telegram social engineering -> shared vault -> victim enables community plugin sync -> PHANTOMPULL loader -> PHANTOMPULSE injected into memory.
PHANTOMPULSE resolves its C2 by querying a hard-coded Ethereum wallet address for transaction data, making infrastructure takedowns difficult.
Compromised plugins are malicious versions of legitimate tools (‘Shell Commands’, ‘Hider’) already present in the shared vault, not sourced from the official marketplace.
RAT capabilities include keylogging, screenshots, file exfiltration, and arbitrary command execution; cross-platform (PowerShell on Windows, AppleScript on macOS).
Key detection signal: Obsidian.exe spawning powershell.exe, cmd.exe, or osascript is highly anomalous and should trigger EDR alerts.
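As an added example (not part of the original report or of Obsidian's code), the detection signal above expressed as a check over process-creation telemetry; the event layout and field names are assumptions standing in for EDR/Sysmon records, and every sample event is constructed:

```python
"""Flag an Obsidian process spawning a shell or script interpreter.
Added example; event dict layout and field names are assumptions
standing in for EDR/Sysmon telemetry. All sample events are constructed."""
import ntpath

# Interpreters from the detection signal plus POSIX shells a macOS plugin could use
SUSPICIOUS_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "osascript",
                       "sh", "bash", "zsh"}


def _exe_name(path: str) -> str:
    """Lower-cased file name; ntpath splits on both '\\' and '/' separators."""
    return ntpath.basename(path).lower()


def is_suspicious_spawn(event: dict) -> bool:
    """True when an Obsidian process spawns an interpreter. Assumption: the
    main binary and Electron helper processes all have names starting 'obsidian'."""
    parent = _exe_name(event.get("parent_image", ""))
    child = _exe_name(event.get("image", ""))
    return parent.startswith("obsidian") and child in SUSPICIOUS_CHILDREN


def find_alerts(events: list) -> list:
    """Return (host, child exe, command line) for each matching event."""
    return [(e["host"], _exe_name(e["image"]), e.get("command_line", ""))
            for e in events if is_suspicious_spawn(e)]


# Constructed sample telemetry: two plugin-driven spawns, two benign events
SAMPLE_EVENTS = [
    {"host": "WIN-FIN01",
     "parent_image": r"C:\Users\a\AppData\Local\Obsidian\Obsidian.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -NoProfile -WindowStyle Hidden -File sync.ps1"},
    {"host": "WIN-FIN01",
     "parent_image": r"C:\Users\a\AppData\Local\Obsidian\Obsidian.exe",
     "image": r"C:\Users\a\AppData\Local\Obsidian\Update.exe",
     "command_line": "Update.exe --processStart Obsidian.exe"},
    {"host": "MAC-TRD02",
     "parent_image": "/Applications/Obsidian.app/Contents/MacOS/Obsidian",
     "image": "/usr/bin/osascript",
     "command_line": "osascript /Users/a/vault/.obsidian/plugins/hider/sync.scpt"},
    {"host": "MAC-TRD02",
     "parent_image": "/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder",
     "image": "/usr/bin/osascript",
     "command_line": "osascript /Users/a/Library/Scripts/backup.scpt"},
]

if __name__ == "__main__":
    for host, child, cmd in find_alerts(SAMPLE_EVENTS):
        print(f"ALERT {host}: Obsidian spawned {child}: {cmd}")
```

The second Windows event (Obsidian launching its own updater) shows why the rule keys on the child's interpreter name rather than on any child at all.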
Hacker News Comment Review
Commenters split on framing: because the attack requires the user to dismiss multiple Obsidian safety warnings, many see it as a social engineering win rather than a plugin system vulnerability; others point out that Obsidian's own docs admit plugins cannot be reliably permission-scoped.
Obsidian's CEO acknowledged the headline is misleading and stated a major plugin security update is coming, but a commenter noted that plugin full-disk access concerns were raised and dismissed years ago.
Practical defense cited by one commenter: run Obsidian with OS-level network and filesystem sandboxing, granting network access only during plugin updates.
Notable Comments
@Groxx: quoted Obsidian’s own help docs confirming plugins inherit full app-level access with no reliable permission restrictions, undercutting the “proper protections” claim.
@zhivota: argues the shared vault model is fundamentally broken; the correct response is to never accept a shared vault, only plaintext exports.