CVE Tools
Back to feed
Хакер (xakep.ru) ·RU-RU Restricted PoC public

Малварь ChocoPoC распространяется под видом фальшивых эксплоитов

By Мария Нефёдова··2 min read
CVE Tools coverage

Cybersecurity researchers from YesWeHack and Sekoia have uncovered a malicious campaign targeting vulnerability researchers. Attackers are publishing fake proof-of-concept (PoC) exploits on GitHub for recent vulnerabilities, which deploy the ChocoPoC remote access trojan (RAT). Once installed, ChocoPoC steals browser data, files, passwords, and provides attackers with remote control over infected systems. The malware is hidden within dependencies like 'frint' and 'skytext', making it hard to detect during routine audits. The attack leverages several known CVEs including CVE-2025-64446, CVE-2025-55182, and others. Researchers warn that even sandbox testing may not reveal the threat without full repository context.