New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos

Attackers are hiding the ChocoPoC data-stealing trojan inside fake Python exploit repositories that target security researchers rushing to test new CVEs. The malware steals browser credentials and files, then uses dependency chains, Mapbox, and other infrastructure to stay hidden while spreading through malicious PoCs.

Key points

  • ChocoPoC is hidden inside fake Python exploit repositories on GitHub.
  • The malware arrives through dependencies like frint and skytext, not the visible PoC code.
  • It steals passwords, cookies, autofill data, files, and shell history from major browsers.
  • It uses Mapbox and DNS-over-HTTPS for command-and-control traffic.
  • YesWeHack and Sekoia found at least seven fake PoC repos tied to high-profile CVEs.
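
A pre-install check built on the two dependency names listed above, added here as an example (it is not code from YesWeHack, Sekoia or the original article): it scans a cloned PoC repository's requirements files, setup.py and pyproject.toml for `frint` and `skytext` as plain text, without importing or installing anything. The sample layout, version numbers and function names are constructed for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

# Dependency names from the key points above; exact-name matching is an assumption.
FLAGGED = {"frint", "skytext"}
MANIFESTS = ("requirements*.txt", "setup.py", "pyproject.toml")
NAME = r"[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?"
REQ_LINE = re.compile(rf"^\s*({NAME})")
QUOTED = re.compile(rf"""["']\s*({NAME})\s*(?:[\[<>=!~;@ ][^"']*)?["']""")

def normalize(name):
    """PEP 503 normalisation: lower-case, runs of - _ . become one hyphen."""
    return re.sub(r"[-_.]+", "-", name).lower()

def declared_names(path):
    """Yield names declared in one manifest. The file is only read as text;
    for setup.py / pyproject.toml any quoted requirement-like string counts."""
    text = path.read_text(errors="replace")
    if path.suffix == ".txt":
        for line in text.splitlines():
            match = REQ_LINE.match(line.split("#", 1)[0])  # "-r x" never matches
            if match:
                yield normalize(match.group(1))
    else:
        for match in QUOTED.finditer(text):
            yield normalize(match.group(1))

def audit_repo(root):
    """Return sorted (relative_path, package) pairs for flagged dependencies."""
    root = Path(root)
    hits = set()
    for pattern in MANIFESTS:
        for path in (p for p in root.rglob(pattern) if p.is_file()):
            hits.update((path.relative_to(root).as_posix(), n)
                        for n in declared_names(path) if n in FLAGGED)
    return sorted(hits)

def make_sample_repo(root):
    """Constructed sample layout (not a real repository) for a self-test."""
    root = Path(root)
    (root / "tools").mkdir(parents=True, exist_ok=True)
    (root / "requirements.txt").write_text("requests>=2.31\nFrint==1.0  # helper\n-r dev.txt\n")
    (root / "tools" / "setup.py").write_text('setup(install_requires=["rich", "skytext"])\n')
    return root

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else make_sample_repo(tempfile.mkdtemp())
    for rel, pkg in audit_repo(target):
        print(f"FLAGGED {pkg} declared in {rel}")
```

It only sees names declared directly in those manifests; a package pulled in further down a dependency chain will not appear, so a clean result is one signal, not clearance.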

Read More: https://thehackernews.com/2026/07/new-chocopoc-rat-targets-vulnerability.html