ChocoPoC RAT Hides in Fake GitHub Exploits, Targets Security Researchers

A cluster of trojanized proof-of-concept repositories is pushing a Python-based RAT to the very people who go looking for them.

ThreatVectr Newsdesk· 2 min read
ChocoPoC RAT Hides in Fake GitHub Exploits, Targets Security Researchers
Share

A cluster of GitHub repositories posing as proof-of-concept exploits has been quietly seeding a Python-based remote access trojan researchers are calling ChocoPoC.

The target set is unusual. It's not enterprise. It's the people who write about enterprise breaches — vulnerability analysts, red teamers, malware reversers.

The operators, so far unattributed, aren't a named ransomware crew or a known state actor. They behave more like an access-and-collection outfit: build credibility on GitHub, wait for the audience to come to them, harvest whatever lands in the net. Similar tradecraft has been documented against researchers before, most notably the North Korea–linked social engineering campaign Google TAG flagged in 2021.

The lure is the payload. Multiple repositories advertise PoCs for recent, high-CVSS CVEs — the kind researchers clone reflexively to test in a lab. Buried in the Python source is a loader that pulls ChocoPoC from a remote host.

Once running, the RAT does what RATs do. It fingerprints the host, opens a command channel, and supports arbitrary shell execution. It also scrapes browser data, SSH keys, and files matching researcher-flavored keywords. Exfiltration goes out over HTTPS to attacker infrastructure fronted through commodity hosting.

Several of the repos had non-trivial star counts and forks before takedown, suggesting some victims actually ran the code. The operators reused commit patterns and README boilerplate across accounts, which is how the cluster got tied together in the first place.

There is no ransom in this story. No leak site, no negotiation portal, no sector breakdown of victims. The economics look closer to espionage or resale to an initial access broker than to extortion. Stolen SSH keys and browser sessions from a working researcher can quietly become a foothold at whichever vendor, consultancy, or bug bounty program that researcher touches next.

Indicators shared so far include a set of GitHub handles pushing near-identical PoC scaffolding, and C2 domains registered within days of the repos going live. Defenders running detonation pipelines against public PoCs should treat unsigned Python that reaches out on import as hostile by default.

A few practical notes for anyone who clones exploit code for a living:

  • Detonate in a disposable VM with no persistent credentials, no SSH agent forwarding, and egress logging on.
  • Read the setup.py, __init__.py, and any requirements.txt before pip install. Malicious dependencies are a common second stage.
  • Rotate any tokens, keys, or session cookies that touched a machine which ran an untrusted PoC in the last 90 days.

GitHub has removed the flagged repositories as they've been reported, but the accounts spin back up quickly. Expect the campaign to rebrand rather than retire.

© 2026 Threat Vectr