The Hacker News ·EN News source PoC public
New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos
CVE Tools coverage
Researchers from YesWeHack and Sekoia report that the Python-based trojan ChocoPoC is distributed through fake GitHub proof-of-concept repositories that look like fixes for newly disclosed issues. The payload steals credentials and local data, then provides remote command execution, affecting fake PoCs tied to CVE-2025-64446, CVE-2025-55182, CVE-2025-14847, CVE-2026-0257, CVE-2026-10520, CVE-2026-50751, and CVE-2026-48908. Because the malicious code is hidden in dependency packages (e.g., frint and skytext), simply reviewing the visible exploit file may miss the threat, making this a serious supply-chain risk for vulnerability researchers and downstream tooling.