Elastic Security Labs identified a malware campaign that uses Obsidian plugins and at least three blockchain networks to install PHANTOMPULSE on devices used by crypto and finance professionals. Attackers reportedly approach targets on LinkedIn, move the conversation to Telegram, and send a cloud-hosted Obsidian vault that triggers the malware when community plugins are enabled. Elastic said the malware gives operators full remote control of infected Windows and macOS devices.