logo

New ChocoPoC malware targets researchers via trojanized PoC exploits

ID: b26f4fc3-06ba-55a3-9dc5-7a6cb5b3f465

STIX ID: report--b26f4fc3-06ba-55a3-9dc5-7a6cb5b3f465

Feed Name: Bleeping Computer

Threat Score
70/100

Date Published: 2026-07-01

Date Updated: 2026-07-02

Author: Bill Toulas

...
...

ChocoPoC: multiple GitHub PoC exploits were found that add trojanized PyPI dependencies (frint → skytext) which load a Python RAT (ChocoPoC). The RAT supports command execution, arbitrary Python execution, file upload, and harvesting of browser passwords/cookies and other sensitive artifacts; attackers used compromised accounts to publish packages and the malicious dependency was downloaded ~2,400 times, indicating active abuse targeting security researchers.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.