Хакер (xakep.ru) ·RU-RU Restricted PoC public
Малварь ChocoPoC распространяется под видом фальшивых эксплоитов
CVE Tools coverage
Cybersecurity researchers from YesWeHack and Sekoia have uncovered a malicious campaign targeting vulnerability researchers. Attackers are publishing fake proof-of-concept (PoC) exploits on GitHub for recent vulnerabilities, which deploy the ChocoPoC remote access trojan (RAT). Once installed, ChocoPoC steals browser data, files, passwords, and provides attackers with remote control over infected systems. The malware is hidden within dependencies like 'frint' and 'skytext', making it hard to detect during routine audits. The attack leverages several known CVEs including CVE-2025-64446, CVE-2025-55182, and others. Researchers warn that even sandbox testing may not reveal the threat without full repository context.