A remote access trojan (RAT), called FlowCloud, targeted utilities for five months beginning in 2019, Proofpoint research asserts.