A new type of crypto scam uses the Obsidian plugin to spread malware that can completely control the victim's device.

CoinFeed reported on April 15th that, according to Cointelegraph, Elastic Security Labs has discovered a new type of social engineering attack targeting users in the crypto and financial industries. Attackers are using the community plugin feature of the note-taking app Obsidian to spread malware that can take control of victims' devices. The attackers use sophisticated social engineering on LinkedIn and Telegram, impersonating venture capital firms and establishing a business relationship by discussing financial services, particularly cryptocurrency liquidity solutions. They then trick victims into using Obsidian to open a cloud-hosted repository controlled by the attackers and enabling community plugin synchronization. The malicious plugin then silently executes the attack chain.