Cybercriminals are using a sophisticated attack method involving a remote access trojan called RoKRAT, which is embedded within standard JPEG image files. This technique, a variant of steganography, allows the malware to evade detection by conventional security systems. The attack is linked to an advanced persistent threat group known as APT37. The process involves embedding a malicious module within a JPEG file, which, when opened, triggers the malware to inject its code into the MS Paint application. Researchers found that the RoKRAT module is often concealed in images downloaded from cloud storage services, complicating detection efforts. Authorities are warning users to exercise caution with files from unverified sources and to keep their security systems updated.