Security · 2h ago
Trojanized PoC exploits on GitHub target security researchers
Multiple fake proof-of-concept exploits on GitHub deliver a Python RAT called ChocoPoC. The malware executes commands and steals sensitive data, likely targeting cybersecurity researchers. The campaign highlights supply-chain risks in open-source security tools.
Meridian48 take
The attack underscores how trust in open-source PoCs can be weaponized, making verification critical for researchers.
Read the full reporting
New ChocoPoC malware targets researchers via trojanized PoC exploits →
Bleeping Computer
malwaresupply-chain-attack