Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

Thursday, April 16, 2026 at 11:02 AM UTC·Source: The Hacker News

Updated: Thursday, April 16, 2026 at 11:51 AM UTC

Executive Summary

A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors. Dubbed REF6598 by Elastic Security Labs, the activity has been found to leverage

Analysis

Source Attribution

Originally published by The Hacker News on Apr 16, 2026.

Related Threats

LOWMalware

U.S. authorities conduct cyber operations as part of global crackdown on DDoS-for-hire services

ANCHORAGE, Alaska – The U.S. Justice Department today announced court-authorized actions taken to disrupt some of the world’s leading Distributed Denial of Service (DDoS) Internet of Things (IoT) botnet services. U.S. authorities continue to focus resources on charging DDoS botnet administrators and seizing infrastructure, like websites, that allow paying users to launch powerful DDoS attacks....

Apr 17, 2026DataBreaches.net

MEDIUMMalware

ZionSiphon Malware Targets ICS in Water Facilities

The malware is configured to operate on systems associated with Israeli water treatment and desalination plants. The post ZionSiphon Malware Targets ICS in Water Facilities appeared first on SecurityWeek .

Apr 17, 2026SecurityWeek

MEDIUMMalware

ZionSiphon malware designed to sabotage water treatment systems

A new malware called ZionSiphon, specifically designed for operational technology, is targeting water treatment and desalination environments to sabotage their operations. [...]

Apr 16, 2026BleepingComputer