BleepingComputer ·EN-US News source PoC publicChocoPoCfrintskytext
New ChocoPoC malware targets researchers via trojanized PoC exploits
CVE Tools coverage
Researchers found weaponized PoC exploit repositories on GitHub that ultimately deliver the Python-based RAT ChocoPoC to victims, including researchers. The campaign relies on malicious packages fetched from PyPI during repository cloning, which then lead to execution, data theft, and command execution capabilities. At least seven PoC repos were tied to exploits for FortiWeb (CVE-2025-64446), React2Shell (CVE-2025-55182), MongoBleed (CVE-2025-14847), PAN-OS (CVE-2026-0257), Ivanti Sentry (CVE-2026-10520), Check Point VPN (CVE-2026-50751), and Joomla SP Page Builder (CVE-2026-48908), underscoring why running unverified PoCs or their dependencies can quickly turn vulnerability research into compromise.