ChocoPoC RAT Targets Researchers via Fake Exploit Repos
Malicious Python PoC repositories on GitHub deliver ChocoPoC RAT to security researchers. The trojan steals credentials and provides remote access via Mapbox dead drops.
Security researchers hunting for proof-of-concept exploit code on GitHub are walking into traps. A campaign distributing the ChocoPoC remote access trojan has been hiding malware inside fake PoC repositories that claim to exploit recent high-profile CVEs—and at least 2,400 researchers have already downloaded the infected packages.
The malware doesn't live in the visible exploit code. Instead, it's buried in Python package dependencies that get pulled in during installation, making it nearly invisible to researchers who manually review the PoC before running it.
How the Attack Works
The infection chain is elegant in its simplicity:
- Victim finds a GitHub repository claiming to have a working PoC for a hot CVE
- They clone the repo and run
pip install -r requirements.txt - A malicious package called
frintgets installed frintpulls inskytextas a secondary dependencyskytextcontains compiled malicious code (gradient.soon Linux,gradient.pydon Windows)- The malware activates only when it detects exploit-related files like
EXPLOIT_POC.py
That last step is key. By checking for the presence of exploit files before executing, ChocoPoC evades automated malware sandboxes that install packages but don't actually run the PoC code.
What Gets Stolen
Once active, ChocoPoC operates as a full remote access trojan. It exfiltrates:
- Saved passwords, cookies, autofill data, and history from Chrome, Brave, Edge, and Firefox
- Text files, notes, and local databases
- Shell history and network configuration
- Running process lists
- SSH keys and cloud provider credentials
- Git access keys and Docker authentication tokens
For security researchers, that last category is devastating. Stolen Git credentials can lead to supply chain compromises in any repositories the researcher maintains. Cloud credentials provide access to test infrastructure that might connect to client environments.
Command and Control via Mapbox
The C2 infrastructure shows sophistication beyond typical commodity malware. ChocoPoC reads commands from Mapbox dataset "dead drops"—abusing Mapbox's legitimate data hosting service to blend in with normal traffic. Command retrieval routes through DNS-over-HTTPS with domain fronting, making network-based detection difficult.
Larger file uploads go to a separate server at 91.132.163.78. Command names appear in Spanish with hand-written code patterns, suggesting a Spanish-speaking developer rather than automated generation.
Targeted CVEs
The campaign has exploited interest in at least seven high-profile vulnerabilities, including Fortinet products that have faced ongoing targeting this year:
- CVE-2025-64446 (FortiWeb)
- CVE-2025-55182 (React2Shell)
- CVE-2025-14847 (MongoBleed)
- CVE-2026-0257 (PAN-OS)
- CVE-2026-10520 (Ivanti Sentry)
- CVE-2026-50751 (Check Point VPN)
- CVE-2026-48908 (Joomla SP Page Builder)
The attackers rotate through GitHub accounts and PyPI package names, staying one step ahead of takedowns. An earlier campaign in late 2025 used different package names—slogsec and logcrypt.cryptography—suggesting this operation has been running for months.
Why Target Security Researchers?
This isn't random. Security researchers represent high-value targets for several reasons:
Access to vulnerabilities: Researchers often have early access to CVE details and working exploits before they're widely known. Stealing this research provides a head start on weaponization.
Trust relationships: A compromised researcher account can be used to publish malicious code that other researchers and organizations trust implicitly.
Client environments: Offensive security researchers frequently have access to client networks during penetration tests. Stolen credentials could provide persistent access even after engagements end.
We've seen similar targeting of security professionals through malicious npm packages that impersonate legitimate security tools. The pattern suggests coordinated interest in compromising the security research community itself.
Protecting Yourself
Researchers downloading PoC code should:
- Use isolated virtual machines for all exploit testing—never run untrusted code on primary workstations
- Manually review all dependencies in requirements.txt and package.json before installation
- Check package publication dates on PyPI—newly published packages for old CVEs are red flags
- Monitor for compiled binaries (.so, .pyd, .dll) in package installations
- Verify repository authenticity through the original researcher or vendor advisory
Consider using tools like pip-audit to scan dependencies for known malicious packages, though this won't catch newly minted malware like ChocoPoC before it's catalogued.
Attribution Unknown
YesWeHack and Sekoia published joint findings on July 1, but neither organization has attributed the campaign to a specific threat group. The Spanish-language command names and hand-written code patterns suggest human development rather than AI generation, but that's about all that's known about the operators.
The use of stolen or leaked credentials to create GitHub and PyPI accounts makes tracing the actual operators difficult. What's clear is that this represents an ongoing operation rather than a one-off campaign—and security researchers remain in the crosshairs.
Related Articles
Axios npm Hijack Drops Cross-Platform RAT on 100M+ Installs
Attackers compromised the Axios npm package to deploy a cross-platform RAT targeting Windows, macOS, and Linux. Here's what happened and what you need to do.
Mar 31, 2026Malicious Laravel Packages on Packagist Deploy Cross-Platform RAT
Supply chain attack targets PHP developers via fake Laravel utilities containing encrypted RAT payload. The malware gains full access to database credentials and API keys.
Mar 5, 2026npm Typosquat Packages Drop PowerShell RAT Targeting Chrome Creds
Three malicious packages impersonating PostCSS tools deploy a multi-stage Windows RAT. The payload steals saved passwords by bypassing Chrome's app-bound encryption.
Jun 24, 2026Mastra npm Hijack Drops Crypto-Stealing RAT on AI Developers
144 packages in the Mastra AI framework compromised via hijacked maintainer account. The malicious easy-day-js dependency deploys a crypto-stealing RAT affecting 1.1M weekly downloads.
Jun 17, 2026