Crypto users have been warned of a new social engineering scam that tricks victims into using community plugins on the note-taking app Obsidian to unknowingly run malware that can take control of their devices.
Elastic Security Labs said in a report on Tuesday that it found a novel campaign targeting those in crypto and finance using “elaborate social engineering on LinkedIn and Telegram” to trick...
This scam represents a sophisticated evolution in social engineering, blending legitimate productivity tools with decentralized infrastructure to evade detection. The attackers exploit trust in professional networks (LinkedIn) and secure messaging (Telegram), leveraging the credibility of Obsidian’s plugin ecosystem to deliver malware. The use of blockchain for command-and-control is particularly notable, as it provides resilience against traditional takedowns while maintaining plausible deniabi...