Brand Trust as a Weapon: Multi-Brand Impersonation Campaigns Deliver JWrapper Malware

**Executive Summary:** Cofense PDC observed a phishing campaign impersonating DocuSign/Adobe that delivers a JWrapper-wrapped SimpleHelp remote access client (RAT) via malicious installer downloads; the report details infection flow, persistence techniques, observed command execution, C2 infrastructure, and provides IOCs and mitigation guidance.