Remote access Trojan Adwind has resurfaced and as of last weekend, is being used in spam emails targeting Danish companies. Attackers are spreading malicious.jar, or Java archive files, in emails purporting to be order requests coming from either spoofed or fake return addresses. If a user clicks through and opens the file, Adwind s code is run, and the machine is pulled into a botnet. Researchers with Romania-based Heimdal Security say this iteration of Adwind communicates with a server used in other RAT campaigns that use dynamic DNS services.
Source: https://threatpost.com/adwind-rat-resurfaces-targeting-danish-companies/119060/