Attackers can host malware on gitlab.com and send phishing emails to have users download the malware. Another way is to fork a legitimate project, and add malware to it and then phish users to download the trojanized project.
Command and Control
None
Exfiltration
None
Download
Attackers can host malicious files on gitlab.com and when needed, the files can be downloaded.