Security · 2h ago
Fake PoC Repos on GitHub Deploy ChocoPoC Trojan Against Security Researchers
Attackers are distributing a new data-stealing trojan called ChocoPoC through fake proof-of-concept exploit repositories on GitHub. The malware targets vulnerability researchers by posing as working exploits for recent CVEs, then steals passwords, cookies, and files while granting remote shell access. The campaign was uncovered by YesWeHack.
Meridian48 take
This attack underscores a growing trend where threat actors weaponize trust in open-source security research, turning the very tools researchers rely on into attack vectors.
Read the full reporting
New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos →
The Hacker News
supply-chain-attackgithub-malware