Developing Story
Obsidian Plugin – Phantom Pulse RAT Supply Chain Attack (2026)
A threat actor abused the Obsidian plugin ecosystem to deploy the Phantom Pulse remote access trojan, targeting users of the widely-used knowledge management application. The attack is part of a broader pattern of supply chain compromises via productivity tool plugins. Given Obsidian's popularity among legal and business professionals handling sensitive documents, the incident carries significant operational security relevance.
Importance: 72% | Confidence: 82% | Mentions: 1 | Updated: May 30, 2026
## Obsidian Plugin – Phantom Pulse RAT Supply Chain Attack (2026)
### Overview
A malicious actor abused the Obsidian plugin ecosystem to deploy a remote access trojan (RAT) named **Phantom Pulse**, according to security reporting (Cyber/NetSecOps, date of article). The incident represents a notable software supply chain attack targeting the knowledge management tool used widely by professionals, researchers, and developers.
### Technical Details
- The attack vector was a malicious or compromised **Obsidian plugin**
- The payload delivered is identified as **Phantom Pulse RAT**, a remote access trojan enabling attacker control of infected systems (Cyber/NetSecOps, date of article)
- Obsidian's plugin marketplace, which relies on community-contributed plugins with varying degrees of vetting, was the distribution mechanism
### Why This Matters
**Obsidian** is a widely used markdown-based knowledge management application favored by legal professionals, researchers, software engineers, and executives for storing sensitive notes, documents, and research. A RAT deployed via this vector could expose:
- Attorney-client privileged materials
- Corporate strategy documents
- Source code and API credentials
- Personal authentication data
### Broader Supply Chain Context
This attack follows a pattern of threat actors targeting developer and productivity tool plugin ecosystems (cf. *JSON Formatter Chrome Plugin – Adware Injection Compromise*, *WordPress Plugin Supply Chain Backdoor*, *CPUID Supply Chain Compromise*).
### Recommended Actions
- Audit installed Obsidian plugins against known-good lists
- Review plugin permissions and network access
- Treat community plugins as untrusted third-party code requiring vetting
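
One way to carry out the first two actions, as an added example that is not code from Obsidian or from the cited reporting: it compares each installed plugin's id, version and `main.js` hash with an approved list, then flags process-spawning and network strings in anything unapproved. Assumptions: the standard vault layout (`.obsidian/plugins/<id>/manifest.json` and `main.js`, with enabled ids in `.obsidian/community-plugins.json`), a hypothetical allowlist format, and an illustrative pattern list.

```python
import hashlib, json, re, tempfile
from pathlib import Path

# Heuristic strings that justify a manual read of an unapproved bundle.
# Legitimate plugins use these too; a hit is a review prompt, not a verdict.
REVIEW_PATTERNS = {
    "references child_process": re.compile(rb"child_process"),
    "makes network calls": re.compile(rb"requestUrl|fetch\s*\(|XMLHttpRequest"),
}

def audit_vault(vault, allowlist):
    """Return (plugin_id, finding) pairs; allowlist maps id -> {"version", "sha256"}."""
    cfg = Path(vault) / ".obsidian"
    enabled_file = cfg / "community-plugins.json"
    enabled = set(json.loads(enabled_file.read_text("utf-8"))) if enabled_file.is_file() else set()
    plugins = cfg / "plugins"
    dirs = sorted(p for p in plugins.iterdir() if p.is_dir()) if plugins.is_dir() else []
    findings = []
    for pdir in dirs:
        try:
            manifest = json.loads((pdir / "manifest.json").read_text("utf-8"))
            pid = str(manifest["id"])
        except (OSError, ValueError, KeyError, TypeError):
            findings.append((pdir.name, "manifest.json missing or malformed"))
            continue
        bundle = pdir / "main.js"
        code = bundle.read_bytes() if bundle.is_file() else b""
        known = allowlist.get(pid)
        if known is None:
            state = "enabled" if pid in enabled else "disabled"
            findings.append((pid, f"not on allowlist ({state})"))
        elif manifest.get("version") != known["version"]:
            findings.append((pid, f"version {manifest.get('version')} is not the approved {known['version']}"))
        elif hashlib.sha256(code).hexdigest() != known["sha256"]:
            findings.append((pid, "main.js differs from the approved build"))
        else:
            continue  # approved id, version and bytes: nothing to review
        findings += [(pid, label) for label, pat in REVIEW_PATTERNS.items() if pat.search(code)]
    return findings

if __name__ == "__main__":
    # Constructed sample vault: one approved plugin, one unknown plugin that spawns processes.
    with tempfile.TemporaryDirectory() as vault:
        for pid, js in {"approved-notes": b"console.log(1)", "unknown-sync": b"require('child_process')"}.items():
            d = Path(vault, ".obsidian", "plugins", pid)
            d.mkdir(parents=True)
            (d / "manifest.json").write_text(json.dumps({"id": pid, "version": "1.0.0"}))
            (d / "main.js").write_bytes(js)
        ok = {"approved-notes": {"version": "1.0.0", "sha256": hashlib.sha256(b"console.log(1)").hexdigest()}}
        for finding in audit_vault(vault, ok):
            print(*finding, sep=": ")
```

The hash check is what catches a plugin whose id and version still match the approved entry but whose bundle has been replaced.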
### Key Entities
- **Obsidian** — the targeted application
- **Phantom Pulse RAT** — the malware payload
- Threat actor identity not publicly attributed at time of reporting