Security researchers report that the ChocoPoc (ChocoPoC) malware is being delivered through trojanized proof-of-concept (PoC) exploit repositories hosted on GitHub. The campaign uses weaponized-looking Python PoC code that claims to exploit specific or recently discussed CVE-related vulnerabilities; executing the code instead installs a Python-based remote access trojan (RAT). Once run, the RAT can execute commands on the compromised system and steal sensitive data, including saved browser credentials and cookies, as well as other files. Multiple sources describe the activity as targeting vulnerability researchers, such as people who test, reproduce, or hunt bugs, by placing the malicious payload in repositories that appear relevant to active research topics. The reports indicate that the PoC repositories serve as the delivery mechanism for reaching this audience, with the malware initiating follow-on access after data theft. Overall, the disclosures focus on how trusted-looking exploit PoCs on a public code hosting platform can compromise a machine when the user runs the included scripts.
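A pre-execution triage check for a downloaded Python PoC, as an added example (not code from the reports or from any repository they describe): it parses the source without running it and flags the behaviours described above, namely hidden code execution, process spawning, and references to browser credential stores. The pattern lists and the `SAMPLE` input are constructed heuristics for illustration, not indicators from this campaign.

```python
import ast

# Constructed heuristics for illustration; not indicators taken from the reports.
DYNAMIC_EXEC = {"exec", "eval", "compile", "__import__"}
PROCESS_CALLS = {"system", "popen", "Popen", "run", "call", "check_output"}
DECODE_CALLS = {"b64decode", "a85decode", "unhexlify", "fromhex", "decompress"}
FETCH_CALLS = {"urlopen", "urlretrieve", "get", "post"}
BROWSER_STORES = ("login data", "local state", "logins.json", "key4.db", "cookies.sqlite")

def _call_name(node):
    """Return the trailing name of a call target: foo() -> foo, a.b.foo() -> foo."""
    f = node.func
    return f.id if isinstance(f, ast.Name) else getattr(f, "attr", "")

def triage(source, filename="<poc>"):
    """Statically list (line, reason) findings for one Python file; never runs it."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name in DYNAMIC_EXEC:
                # exec/eval fed directly by a decode or fetch call is a loader pattern.
                inner = {_call_name(n) for a in node.args
                         for n in ast.walk(a) if isinstance(n, ast.Call)}
                hidden = inner & (DECODE_CALLS | FETCH_CALLS)
                reason = f"{name}() of decoded/fetched data" if hidden else f"{name}() dynamic execution"
                findings.append((node.lineno, reason))
            elif name in PROCESS_CALLS:  # trailing-name match, so expect false positives
                findings.append((node.lineno, f"{name}() spawns a process"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            low = node.value.lower()
            if any(s in low for s in BROWSER_STORES):
                findings.append((node.lineno, "references a browser credential/cookie store"))
            elif len(node.value) > 200 and " " not in node.value:
                findings.append((node.lineno, "long opaque string literal (possible embedded payload)"))
    return sorted(findings)

# Constructed sample input: a harmless stand-in shaped like a PoC script (never executed).
SAMPLE = '''import base64, os, subprocess
print("[*] checking target")
exec(base64.b64decode("cHJpbnQoMSk="))
db = os.path.expanduser("~/.config/google-chrome/Default/Login Data")
subprocess.run(["id"])
'''

if __name__ == "__main__":
    for line, reason in triage(SAMPLE):
        print(f"line {line}: {reason}")
```

Findings are triage leads rather than verdicts: code pulled in through dependencies, install hooks, or non-Python files in the repository is outside what this check sees.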