logo

ChocoPoC Malware Targets Cybersecurity Researchers via Trojanized GitHub Exploits

ID: 6e78208c-dc68-5e1a-83e0-83a77fed460e

STIX ID: report--6e78208c-dc68-5e1a-83e0-83a77fed460e

Feed Name: ThreatCluster

Threat Score
78/100

Date Published: 2026-07-01

Date Updated: 2026-07-03

...
...

A coordinated supply-chain campaign dubbed "ChocoPoC" uses malicious GitHub proof-of-concept repositories and dependent Python packages ('frint', 'skytext') to deliver a Python RAT that steals browser credentials, executes commands, and maintains persistence. At least seven fake repositories tied to high-severity CVEs (including CVE-2026-48908 and CVE-2025-64446) have been observed since late 2025 with significant package downloads; security researchers are urged to treat PoCs from untrusted sources with caution.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.