US petroleum industry entities are targeted by attackers with a new Adwind Remote Access Trojan (RAT) variant featuring multi-layer obfuscation and delivered via a malspam campaign designed to infect targets through malicious attachments or URL redirections to payloads.

Adwind (aka jRAT, AlienSpy, JSocket, and Sockrat) is a cross-platform (i.e., Windows, Linux, macOS) RAT provided by its developers to various threat actors under a malware-as-a-service (MaaS) model.

While the RAT can avoid being detected by some anti-malware solutions, behavior- and sandbox-based antivirus software should be capable of identifying and block it successfully.