Comment by nstart
2 days ago
This is a misleading headline. It makes it seem like another supply chain attack where some good plug-in was taken over and used to deliver malware. That's not the case here. Victims are invited to collaborate on a synced vault which comes preloaded with a non-official plug-in that delivers the RAT. Very, very different story.
What’s misleading?
“Novel Campaign Abuses Obsidian Note-Taking App to Target Finance and Crypto Professionals with PHANTOMPULSE RAT”
It’s novel (new), an abuse of Obsidian, specifically targeting a group of people.. and the RAT is embedded in the vault.
The headline on HN is different: "Obsidian plugin was abused to deploy a remote access trojan". It's not a plugin that was abused, but the ability for shared vaults to contain plugins.
Isn’t that nearly the same thing? It depends on the presence of a particular plugin which was abused to run remote commands.