New Adwind Remote Access Trojan (RAT) variant features multi-layer obfuscation and delivered via a malspam campaign. Multi-nested JAR files are used to conceal the malware’s presence, much like using a Matryoshka doll with the RAT payload being the core of the malicious malicious payload. RAT has previously been observed in attacks against thousands of individuals and entities from a wide range of industries, including finance, telecom, software, and government among many others.
Source: https://www.bleepingcomputer.com/news/security/new-adwind-rat-variant-used-against-the-us-petroleum-sector/