Security researchers, the very professionals tasked with identifying and mitigating vulnerabilities, are now finding themselves targeted by a sophisticated new threat. ChocoPoC, a recently discovered remote access trojan (RAT), is being distributed through fake proof-of-concept exploit repositories on GitHub, turning a trusted resource into a dangerous trap. The attackers have cleverly weaponized the trust placed in shared vulnerability research, creating a particularly insidious threat that undermines the collaborative nature of the security community.

The ChocoPoC RAT operates by masquerading as legitimate Python proof-of-concept code for recently disclosed CVE vulnerabilities. When researchers download and execute what they believe to be a genuine exploit demonstration, they instead activate a malicious payload that systematically steals saved passwords, browser cookies, and sensitive files from their systems. Worse still, the malware provides attackers with persistent shell access to compromised machines, potentially exposing proprietary research methodologies, corporate security findings, and personal credentials of some of the most security-aware professionals in the industry.
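A defensive pre-execution check for the scenario above, as an added example that is not from the original article: it parses a downloaded Python PoC with `ast` instead of running it and flags traits that match the behaviour described (credential-store access, shell spawning, hidden code). The rule lists, function names and sample input are assumptions made for illustration, not published ChocoPoC indicators.

```python
import ast
from pathlib import Path

# Generic triage heuristics: assumptions for this example, not published ChocoPoC indicators.
CALL_RULES = {
    "dynamic-exec": {"exec", "eval", "compile", "__import__"},
    "decoder": {"base64.b64decode", "zlib.decompress", "marshal.loads", "pickle.loads", "bytes.fromhex"},
    "shell": {"os.system", "os.popen", "subprocess.Popen", "subprocess.run", "subprocess.call", "pty.spawn"},
}
CRED_STORES = ("login data", "cookies.sqlite", "logins.json", "key4.db", ".ssh/", "local state")
BLOB_LEN = 400  # string literals this long in a PoC deserve a manual look

# Constructed sample input (harmless; it is only parsed here, never executed).
SAMPLE = '''# fake "PoC" written for this example
import base64, os
exec(base64.b64decode("cHJpbnQoJ2hpJyk="))
os.system("id")
p = os.path.expanduser("~/.config/google-chrome/Default/Login Data")
'''

def dotted(node):
    """Return 'name' or 'mod.attr' for a call target, else ''."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute) and isinstance(node.value, ast.Name):
        return f"{node.value.id}.{node.attr}"
    return ""

def triage_source(source, filename="<poc>"):
    """Parse without executing; return sorted (line, finding) tuples."""
    try:
        tree = ast.parse(source, filename)
    except (SyntaxError, ValueError) as exc:  # e.g. Python 2 code or embedded NUL bytes
        return [(getattr(exc, "lineno", None) or 0, "unparseable")]
    findings = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            name = dotted(node.func)
            findings.update((node.lineno, f"{k}:{name}") for k, v in CALL_RULES.items() if name in v)
        elif isinstance(node, ast.Constant) and isinstance(node.value, (str, bytes)):
            text = (node.value if isinstance(node.value, str) else node.value.decode("latin-1")).lower()
            if len(text) >= BLOB_LEN:
                findings.add((node.lineno, "long-literal"))
            findings.update((node.lineno, f"credential-store-ref:{m}") for m in CRED_STORES if m in text)
    return sorted(findings)

def triage_repo(root):  # walk a cloned repo; nothing is imported or run
    return {str(p): hits for p in sorted(Path(root).rglob("*.py"))
            if (hits := triage_source(p.read_text(errors="replace"), str(p)))}
```

An empty result is not a verdict: aliased imports and non-Python files escape these checks, so an untrusted PoC still belongs in a disposable, network-isolated VM.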

This attack specifically targets