PHANTOMPULSE

Attackers abused Obsidian community plugins to deploy a new Windows backdoor in a targeted campaign against finance and cryptocurrency users. The intrusion was blocked, but the method showed how trusted app features can be used for code execution.