New ChocoPoC malware targets researchers via trojanized PoC exploits
ID: b26f4fc3-06ba-55a3-9dc5-7a6cb5b3f465
STIX ID: report--b26f4fc3-06ba-55a3-9dc5-7a6cb5b3f465
Feed Name: Bleeping Computer
Threat Score
ChocoPoC: multiple GitHub PoC exploits were found that add trojanized PyPI dependencies (frint → skytext) which load a Python RAT (ChocoPoC). The RAT supports command execution, arbitrary Python execution, file upload, and harvesting of browser passwords/cookies and other sensitive artifacts; attackers used compromised accounts to publish packages and the malicious dependency was downloaded ~2,400 times, indicating active abuse targeting security researchers.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
