Sophos identified a hacking group that abused NSIS installers to deploy RATs and information-stealing malware in attacks targeting industrial companies. Sophos found that RATicate was behind five sequential campaigns dropping a similar set of payloads and sharing command and control infrastructure. The group has moved on to using other payloads, including COVID-19-related baits designed trick potential victims into installing malware on their computers as shown by a recent series of attacks detected in March 2020.
Source: https://www.bleepingcomputer.com/news/security/raticate-drops-info-stealing-malware-and-rats-on-industrial-targets/