Elastic Security Labs has warned of a new social engineering scam targeting crypto and finance users on note-taking app Obsidian. The scam tricks victims into allowing malicious software to run on their devices, which can take control of their devices. The attackers abuse the community plugin ecosystem on Obsidian to silently execute code when a victim opens a shared cloud vault. The attacks differ slightly on Windows and macOS, but both deploy a previously undocumented remote access trojan, or RAT, which Elastic dubbed "PHANTOMPULSE". The malware uses a decentralized command-and-control mechanism via at least three different blockchain networks to connect to the attacker and receive instructions. Elastic has been able to block the attack, but it shows attackers continue to evade traditional security controls.