🟠 High | Source: The Hacker News
A new remote access trojan called ChocoPoC is being distributed through fake proof-of-concept exploit repositories on GitHub, specifically targeting vulnerability researchers and bug hunters. When executed, the malware silently steals saved passwords, browser cookies, and files, whilst granting the attacker a persistent shell on the victim’s machine. The campaign is notable because it weaponises the trusted practice of sharing PoC code, turning researchers’ own workflows against them.
Security Architect’s Take: Enforce strict sandboxing policies for running any third-party or community PoC code — mandate the use of isolated, ephemeral VMs or containers with no access to cloud credentials, browser profiles, or production environments. Review whether your security team’s workstations have access to cloud IAM credentials or CI/CD tokens that could be exfiltrated if a researcher is compromised.
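The two controls above (run PoC code only in an ephemeral sandbox that sees no host credentials, and check what a researcher workstation actually exposes) can be expressed as a small shell script. This is an added example, not code from the article or from The Hacker News; it assumes Docker as the container runtime, and the image name, PoC directory and the list of credential paths are assumptions a team would adapt to its own tooling.

```shell
#!/bin/sh
# Added example: sandbox launcher and credential-exposure check for running
# third-party PoC code. Docker flags are real; image/paths are placeholders.

# Credential stores and browser profiles that must never be reachable from a
# sandbox running untrusted PoC code. Paths are relative to a home directory
# and are an assumed, non-exhaustive list; extend it for your own tooling.
SENSITIVE_PATHS='.aws/credentials .config/gcloud/application_default_credentials.json .azure/accessTokens.json .kube/config .docker/config.json .npmrc .git-credentials .ssh/id_rsa .ssh/id_ed25519 .config/google-chrome .mozilla/firefox'

# find_exposed_credentials HOME_DIR
# Prints every sensitive path that exists under HOME_DIR, one per line.
# A non-empty result means a RAT running as this user could read those files.
find_exposed_credentials() {
    home_dir=$1
    for rel in $SENSITIVE_PATHS; do
        if [ -e "$home_dir/$rel" ]; then
            printf '%s\n' "$home_dir/$rel"
        fi
    done
}

# count_exposed_credentials HOME_DIR
# Prints the number of sensitive paths found (0 is the goal for a sandbox host).
count_exposed_credentials() {
    find_exposed_credentials "$1" | wc -l | tr -d ' '
}

# sandbox_cmd POC_DIR IMAGE [COMMAND...]
# Prints the docker command that runs COMMAND inside an ephemeral container:
#   --rm            container is destroyed on exit (nothing persists)
#   --network none  no C2 callback, no exfiltration, no lateral movement
#   --read-only     root filesystem cannot be modified; /tmp is a noexec tmpfs
#   --cap-drop ALL  no Linux capabilities, plus no-new-privileges
#   --user 65534    runs as nobody, not root
# Only POC_DIR is mounted, read-only, at /poc. No home directory, no
# credential files, no docker socket and no browser profile are visible.
sandbox_cmd() {
    poc_dir=$1; image=$2; shift 2
    printf 'docker run --rm --network none --read-only --cap-drop ALL'
    printf ' --security-opt no-new-privileges --pids-limit 256 --memory 1g'
    printf ' --tmpfs /tmp:rw,noexec,nosuid,size=64m --user 65534:65534'
    printf ' -v %s:/poc:ro -w /poc %s' "$poc_dir" "$image"
    for arg in "$@"; do printf ' %s' "$arg"; done
    printf '\n'
}

# Usage (placeholders): POC_DIR=/path/to/cloned-poc POC_IMAGE=poc-sandbox:latest sh sandbox_poc.sh
# The script prints what the host exposes and the reviewed launch command; it
# deliberately does not execute the PoC itself so the operator can inspect both.
if [ -n "${POC_DIR:-}" ] && [ -n "${POC_IMAGE:-}" ]; then
    echo "Credential stores present on this host (must stay outside the sandbox):"
    find_exposed_credentials "$HOME"
    echo "Launch command:"
    sandbox_cmd "$POC_DIR" "$POC_IMAGE" sh -c 'ls -la /poc'
fi
```

A container shares the host kernel, so for PoCs that target the kernel or a container runtime the same policy should be applied with a throwaway VM instead; the credential check is the part that matters on either host type, since a researcher workstation that reports zero hits has nothing for a stealer like the one described to take.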
Original advisory: New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos