OxtaRAT Surveillance Tool Used to Target Corporate Entities in Armenia
Check Point observed a new malicious campaign targeting corporate entities in Armenia with a new variant of the OxtaRAT backdoor, with the aim of conducting surveillance. The attack used a geopolitical lure in which the attackers shared an image file (.SCR) masquerading as a PDF file. The file is a polyglot that combines the image with a compiled AutoIt script (the OxtaRAT).
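A defender-side triage check for the two traits described above, added here as an example and not taken from Check Point's report: it flags a file that starts with an image header yet also contains a compiled AutoIt script marker, and a name that hides an executable extension behind a document one. The marker strings (AU3!EA06, AU3!EA05), the double-extension form of the masquerade, and all sample bytes and file names are assumptions constructed for illustration.

```python
import os

# Leading magic bytes of common image formats.
IMAGE_MAGICS = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png",
                b"GIF87a": "gif", b"GIF89a": "gif"}
# Assumption: marker strings that precede a compiled AutoIt script body.
AUTOIT_MARKERS = (b"AU3!EA06", b"AU3!EA05")
# .scr is a Windows screensaver, i.e. a directly executable file.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".jpg", ".png"}


def image_type(data):
    """Return the image format named by the file's leading bytes, or None."""
    for magic, name in IMAGE_MAGICS.items():
        if data.startswith(magic):
            return name
    return None


def autoit_offset(data):
    """Return the offset of the first compiled-AutoIt marker, or None."""
    offsets = [data.find(m) for m in AUTOIT_MARKERS]
    offsets = [o for o in offsets if o >= 0]
    return min(offsets) if offsets else None


def masquerading_name(filename):
    """True for names such as 'report.pdf.scr' (assumed double-extension form)."""
    stem, ext = os.path.splitext(filename.lower())
    return ext in EXECUTABLE_EXTS and os.path.splitext(stem)[1] in DOCUMENT_EXTS


def triage(filename, data):
    """Summarise both traits; 'polyglot' means image header plus AutoIt marker."""
    img, off = image_type(data), autoit_offset(data)
    return {"image": img, "autoit_offset": off,
            "polyglot": img is not None and off is not None,
            "masquerading_name": masquerading_name(filename)}


# Constructed sample bytes, not taken from any real sample.
SAMPLE_POLYGLOT = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32 + b"AU3!EA06" + b"\x01\x02"
SAMPLE_CLEAN = b"\xff\xd8\xff\xe0" + b"\x00" * 64 + b"\xff\xd9"

if __name__ == "__main__":
    print(triage("icon.png", SAMPLE_POLYGLOT))
    print(triage("statement.pdf.scr", SAMPLE_CLEAN))
```

A marker hit inside an image is a triage signal for closer inspection, since the eight-byte string can in principle occur by chance in large binary data.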