A new credential theft campaign is targeting financial institutions with weaponized RAR files delivered through phishing emails. This attack utilizes a sophisticated, multi-stage payload hidden within JPEGs and achieves persistence via executable masquerading and registry changes. Stolen credentials are then exfiltrated using FTP and SMTP after injecting malicious code into trusted Windows processes.