Cybercriminals are now deploying remote access Trojans under the guise of seemingly innocuous images hosted on infected websites. The malware has been linked to a threat actor tracked as Transparent Tribe (aka Operation C-Major, Mythic Leopard, or APT36), a group allegedly of Pakistani origin known for its attacks against human rights activists in India. At least four different versions of ObliqueRAT have been discovered since its discovery, which Talos suspects are changes likely made in response to previous public disclosures.
Source: https://thehackernews.com/2021/03/hackers-now-hiding-obliquerat-payload.html