Crypto users targeted in ‘elaborate’ scam using popular notes app
Elastic Security Labs says a multi-step social engineering scam is aimed at those in crypto and finance, using a community plugin feature on a note-taking app to spread malicious device-controlling software.
Crypto users have been warned of a new social engineering scam that tricks victims into using community plugins on the note-taking app Obsidian to unknowingly run malware that can take control of their devices.
Elastic Security Labs said in a report on Tuesday that it found a novel campaign targeting those in crypto and finance using “elaborate social engineering on LinkedIn and Telegram” to trick victims into allowing malicious, yet seemingly safe, software to run on their devices.
Attackers abuse the community plugin ecosystem on Obsidian to “silently execute code when a victim opens a shared cloud vault,” with attacks working on both Windows and macOS devices.
Source: Cointelegraph →Related News
- 1 hour ago
SocGen brings MiCA-compliant USDCV dollar stablecoin to MetaMask
- 2 hours ago
North Korean hackers used AI-enabled social engineering in Zerion attack
- 2 hours ago
X rolls out smart cashtags in US, Canada in step toward ‘everything app’
- 3 hours ago
Apple removes fake Ledger app that stole $9.5M from crypto investors
- 3 hours ago
Switzerland’s Crypto Valley funding rose 37% in 2025 as TON led deals