In Operation Muck and Load, over 200 GitHub repositories serve a Go module that leads to Windows malware infections.
Securonix says PureLogs infection starts with a fake PDF JavaScript file and uses PowerShell, fileless .NET loading, and LOLBins.