The point: Attackers use fake exploit repositories as bait to infect security researchers with ChocoPoC-RAT malware to steal credentials and gain remote control.
A new malware called ChocoPoC hides in Python proof-of-concept repositories on GitHub that purport to exploit newly discovered security vulnerabilities. Vulnerability researchers who download this exploit code for analysis are the specific targets.
The ChocoPoC malware is distributed through fake PoC repositories on GitHub that claim to exploit newly discovered CVEs. The repositories are specifically aimed at security researchers and penetration testers who evaluate such exploits for their work.
Upon code execution, the malware steals stored passwords, browser cookies, and locally available files. Simultaneously, it establishes a remote shell that gives the attacker interactive control over the infected workstation.
This attack method is problematic for CISOs because it directly endangers highly privileged systems: vulnerability researchers typically have broad network access, admin rights, and access to confidential system information. Compromise of these workstations can become a pivot point into the internal network or lead to exfiltration of critical assets.
Source: thehackernews.com · Published July 2, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification through Lumi News Pipeline v1.7.2.