CVE Tools
Back to feed
The Hacker News ·EN News source PoC public

New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos

By The Hacker News··5 min read
CVE Tools coverage

Researchers from YesWeHack and Sekoia report that the Python-based trojan ChocoPoC is distributed through fake GitHub proof-of-concept repositories that look like fixes for newly disclosed issues. The payload steals credentials and local data, then provides remote command execution, affecting fake PoCs tied to CVE-2025-64446, CVE-2025-55182, CVE-2025-14847, CVE-2026-0257, CVE-2026-10520, CVE-2026-50751, and CVE-2026-48908. Because the malicious code is hidden in dependency packages (e.g., frint and skytext), simply reviewing the visible exploit file may miss the threat, making this a serious supply-chain risk for vulnerability researchers and downstream tooling.