Security researchers report that the ChocoPoc (ChocoPoC) malware is being delivered through trojanized proof-of-concept (PoC) exploit repositories hosted on GitHub. The campaign uses Python PoC code that looks like a working exploit and claims to target specific or recently discussed vulnerabilities (CVEs), but running the code installs a Python-based remote access trojan (RAT) instead. Once running, the RAT can execute commands on the compromised system and steal sensitive data, including saved browser credentials and cookies, as well as other files. Multiple sources describe the activity as targeting vulnerability researchers, that is, people who test, reproduce, or hunt bugs, by placing the malicious payload in repositories that appear relevant to active research topics. The reports indicate that the PoC repositories serve as the delivery mechanism for reaching this audience, and that the malware initiates follow-on access after the data theft. Overall, the disclosures focus on how trusted-looking exploit PoCs on a public code hosting platform can compromise a machine when a user runs the included scripts.
ChocoPoC Python RAT is distributed through trojanized GitHub proof-of-concept exploit repos
- ChocoPoC is a Python-based remote access trojan (RAT).
- The RAT is distributed via trojanized proof-of-concept (PoC) exploit repositories hosted on GitHub.
- The PoC repositories present code as if it exploits vulnerabilities or newly discussed CVEs.
- When executed, ChocoPoC can run commands and steal sensitive information, including saved passwords and browser cookies.
- The activity is described as targeting cybersecurity vulnerability researchers.
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs. Run one, and it quietly lifts your saved passwords, browser cookies, and files, then hands the attacker a shell on your machine. YesWeHack and
3 hours ago: Multiple weaponized proof-of-concept (PoC) exploits on GitHub delivered a Python-based remote access trojan (RAT) called ChocoPoC that can execute commands and steal sensitive data. [...]
14 hours ago: Multiple weaponized proof-of-concept (PoC) exploits on GitHub were found delivering a Python-based remote access trojan (RAT) named ChocoPoC that can execute commands and steal sensitive data in a campaign believed to target cybersecurity researchers. [...]