CVE Tools
Back to feed
BleepingComputer ·EN-US News source PoC publicChocoPoCfrintskytext

New ChocoPoC malware targets researchers via trojanized PoC exploits

By Bill Toulas··3 min read
CVE Tools coverage

Researchers found weaponized PoC exploit repositories on GitHub that ultimately deliver the Python-based RAT ChocoPoC to victims, including researchers. The campaign relies on malicious packages fetched from PyPI during repository cloning, which then lead to execution, data theft, and command execution capabilities. At least seven PoC repos were tied to exploits for FortiWeb (CVE-2025-64446), React2Shell (CVE-2025-55182), MongoBleed (CVE-2025-14847), PAN-OS (CVE-2026-0257), Ivanti Sentry (CVE-2026-10520), Check Point VPN (CVE-2026-50751), and Joomla SP Page Builder (CVE-2026-48908), underscoring why running unverified PoCs or their dependencies can quickly turn vulnerability research into compromise.