Securonix says PureLogs infection starts with a fake PDF JavaScript file and uses PowerShell, fileless .NET loading, and LOLBins.
According to reports, he will film performances later this year.
Fortinet says the May 2026 Ousaban campaign uses PDF lures, geofencing, and steganography to target Windows banking users.