New ChocoPoC RAT Targets Vulnerability Researchers Using Fake PoC Exploit Repos

The attackers hid a data-stealing trojan inside fake exploit code aimed at people who hunt bugs for a living. The malware, called ChocoPoC, spreads through Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs.
Run one, and it silently lifts your saved passwords, browser cookies, and files, and gives the attacker a shell on your machine. YesWeHack and Sekoia published their joint findings on July 1 and warned that, as of that report, the malware and its servers were still live, so do not use any of these PoCs.
The trick is where the code lives. The PoC itself looks clean. The malware hides in a Python package that the PoC pulls in as a dependency, so it slips past a quick code review.
How the trap works
The bait is time pressure. When a major bug drops, researchers rush to test it and grab public PoCs to move quickly. This campaign turns that habit into a channel of infection.
The chain, in simple terms:
- You clone the repo and run pip install to pull in the PoC's requirements.
- That pulls in a package called frint, which in turn pulls in a second package, skytext.
- skytext ships a small compiled file (gradient.so on Linux, gradient.pyd on Windows) that runs when you start the PoC.
- It only wakes up when it sees a real PoC loaded: it looks for a file named EXPLOIT_POC.py or similar, then unpacks its payload and downloads the trojan.
That last check is why an empty sandbox sees nothing. Detonate the package on its own, without the full PoC next to it, and the malware stays dormant.
What it steals and what it does
Once running, ChocoPoC is a full remote access trojan. It pulls saved passwords, cookies, autofill data, and history from Chrome, Brave, Edge, and Firefox. It grabs text files, notes, and local databases, as well as shell history, network settings, and a list of running processes.

An attacker can also run any shell command, execute arbitrary Python, exfiltrate entire folders, and silently drop further malware. Several command words are in Spanish, and the code carries small bugs, which the researchers read as hand-written rather than AI-generated.
For command and control, the malware hides in plain sight. It reads its orders from a dataset hosted on Mapbox, a common mapping service, which it uses as a dead drop. It resolves that address via DNS-over-HTTPS and uses a domain trick so the traffic looks like normal Mapbox API calls. Larger payloads go to a separate server at 91.132.163.78.
How widespread it has become
YesWeHack and Sekoia found at least seven fake PoCs, each tied to a high-profile vulnerability:
- FortiWeb routing (CVE-2025-64446)
- React2Shell (CVE-2025-55182)
- MongoBleed (CVE-2025-14847)
- PAN-OS auth bypass (CVE-2026-0257)
- Ivanti Sentry command injection (CVE-2026-10520)
- Check Point VPN auth bypass (CVE-2026-50751)
- Joomla SP Page Builder RCE (CVE-2026-48908)
The skytext package alone has been downloaded about 2,400 times, mostly on Linux. The downloads don't prove that anyone was infected, but they came soon after the big CVEs were disclosed, which is suggestive.

An earlier phase of the same campaign, going back to late 2025, used two other packages, slogsec and logcrypt.cryptography, with almost identical code. Sekoia assesses with high confidence that a single actor is behind both, based on the recycled control markers.
It says the operator juggled GitHub, PyPI, and Mapbox accounts, several of which were created with leaked or stolen logins. No known group has been named.
Security researchers make a rich target. They run other people's code as part of the job, often with elevated privileges, and their machines hold client credentials, private messages, and live session data. Compromise one, and you get remote access to everything on that laptop.
The MUT-1244 campaign used the same playbook, turning fake PoC repositories into a way to steal SSH keys and cloud credentials from red teamers and researchers.
This is not a new idea, only a new twist. The North Korean group Lazarus has targeted researchers for years, posing as fellow bug hunters and sending malicious Visual Studio projects in 2021, then burning zero-days on them in 2023, with new waves since.
On the cybercrime side, Trend Micro found a fake PoC for a Windows LDAP bug (CVE-2024-49113) that stole researcher data in early 2025, and a separate campaign pushed fake CVE PoCs carrying a trojan called WebRAT in late 2025, mostly hitting testers and junior researchers.
What ChocoPoC adds is the hiding place. The malware sits in a dependency, so the PoC you read is always clean. As the researchers put it, the malware is old news, but "what's changing is the delivery method."
What you have to do now
- Treat any PoC as hostile until proven otherwise, and avoid code from new or unknown accounts.
- Read the complete dependency chain, not just the PoC file. Be wary of recently published packages, unknown maintainers, and accounts with little history.
- Test only in a disposable VM, but remember that isolation alone won't stop this. The real fix is not installing the packages at all.
- Check your systems for frint, skytext, slogsec, and logcrypt.cryptography, and for the file hashes in the report. If you have used any of them, rotate your credentials and rebuild the host.
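One way to run that last check across a Python environment, as an added example that is not from the report or the researchers (the scanner and the constructed sample layout are mine; only the package and loader file names come from the report). It normalises names per PEP 503 so logcrypt.cryptography matches its on-disk dist-info directory, and it pairs a requirements.txt check with a site-packages scan because a requirements file only shows frint, never the skytext it pulls in.

```python
import re
import sysconfig
import tempfile
from pathlib import Path

# Package names from the report, normalised per PEP 503 before comparison.
SUSPECT_PACKAGES = {"frint", "skytext", "slogsec", "logcrypt.cryptography"}
SUSPECT_FILES = {"gradient.so", "gradient.pyd"}  # compiled loader skytext ships

def normalise(name: str) -> str:
    """PEP 503: case-insensitive, runs of '-', '_', '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def scan_site_packages(root: Path) -> list[str]:
    """Flag suspect dist-info/egg-info dirs and loader files under root."""
    suspects = {normalise(n) for n in SUSPECT_PACKAGES}
    findings = []
    for entry in root.rglob("*"):
        if entry.is_dir() and entry.suffix in {".dist-info", ".egg-info"}:
            dist_name = entry.stem.split("-", 1)[0]  # '<name>-<version>'
            if normalise(dist_name) in suspects:
                findings.append(f"package: {dist_name} ({entry})")
        elif entry.is_file() and entry.name in SUSPECT_FILES:
            findings.append(f"loader: {entry}")
    return findings

def check_requirements(text: str) -> list[str]:
    """Flag suspect names listed directly in requirements.txt. Only direct
    deps appear: frint would, skytext (pulled in by frint) would not."""
    suspects = {normalise(n) for n in SUSPECT_PACKAGES}
    hits = []
    for line in text.splitlines():
        spec = line.split("#", 1)[0].strip()
        if not spec or spec.startswith("-"):
            continue  # blank line, comment, or pip option such as -r / -e
        name = re.split(r"[\s<>=!~\[;@]", spec, maxsplit=1)[0]
        if normalise(name) in suspects:
            hits.append(name)
    return hits

def make_constructed_sample() -> Path:
    """Constructed site-packages layout for offline testing; not real data."""
    base = Path(tempfile.mkdtemp())
    for d in ("skytext-1.0.dist-info", "logcrypt_cryptography-0.1.dist-info",
              "requests-2.32.0.dist-info", "skytext"):
        (base / d).mkdir()
    (base / "skytext" / "gradient.so").write_bytes(b"")  # empty stand-in
    return base

if __name__ == "__main__":
    roots = {Path(sysconfig.get_paths()[k]) for k in ("purelib", "platlib")}
    found = [f for r in roots if r.is_dir() for f in scan_site_packages(r)]
    print("\n".join(found) or "no ChocoPoC indicators found")
```

Run it inside every virtualenv and user site directory you use, not just the system interpreter, since the PoC's pip install lands wherever you ran it.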
The greatest danger lies downstream. These infections target researchers who contribute detections and PoCs to frameworks such as Nuclei and MDUT. Sekoia flags the risk of a double supply-chain hit: one researcher is poisoned, and their bad code can infect the thousands of others who rely on it.