ChocoPoC RAT Targets Security Researchers Through Fake GitHub Proof-of-Concept Repositories
Attackers are disguising a Python-based remote access trojan as legitimate exploit code — and the bait is designed specifically for the people who hunt threats for a living.

A cluster of malicious GitHub repositories is distributing a Python-based remote access trojan called ChocoPoC, targeting security researchers, vulnerability analysts, and red teamers who routinely clone public proof-of-concept code.
Who Is Being Targeted — and Why That Matters
This campaign does not chase enterprise IT administrators or finance staff. It goes after the defenders: malware reversers, independent vulnerability researchers, and the red-team practitioners who test critical infrastructure for a living. That inversion is deliberate. Compromising a working security researcher does not yield one foothold — it potentially yields dozens. Every vendor relationship, bug bounty scope, and SSH key on that machine becomes a door.
The operators behind ChocoPoC remain unattributed. They show no obvious ransomware affiliation and no known nation-state signature. Behaviorally, they look like an access-and-collection outfit: build credibility quietly, wait for the audience to come to the repository, and harvest whatever the net catches. That model has precedent. Google's Threat Analysis Group documented a near-identical playbook in January 2021, when North Korea-linked actors created fake researcher personas on social platforms and GitHub to deliver backdoors to vulnerability researchers. The current campaign shares the structural logic even if attribution differs.
How the ChocoPoC Attack Works
The lure is engineered for its audience. Each repository advertises a proof-of-concept exploit for a recent, high-severity CVE — the kind of code a researcher reflexively clones to spin up in a lab environment. The repositories carried non-trivial star counts and fork numbers before takedown, which means some portion of visitors actually executed the payload.
Buried inside the Python source is a loader. On execution, it reaches out to a remote host and pulls down the ChocoPoC RAT. The malware then does the following:
- Fingerprints the host and opens a persistent command-and-control channel.
- Supports arbitrary shell execution, giving operators full interactive access.
- Scrapes browser-stored credentials, SSH keys, and files matching researcher-relevant keyword patterns.
- Exfiltrates everything over HTTPS to attacker infrastructure routed through commodity hosting providers.
The operators tied their own campaign together through laziness. Reused commit patterns and near-identical README boilerplate across multiple accounts allowed researchers to cluster the repositories into a single attributed campaign. The C2 domains were registered within days of each repository going live — a timing signal defenders can watch.
GitHub has removed the flagged repositories as reports arrive. New accounts are appearing quickly. Expect rebranding, not retirement.
Which Controls Failed
The root failure here is not a misconfiguration or an unpatched server. It is a trust assumption baked into professional habit. Security researchers treat public repositories as neutral technical resources. They are not. A repository is executable code from an unknown author, and the same skepticism a researcher applies to a phishing email should apply to a `git clone` command.
Specifically, three control gaps enable this campaign. First, the absence of isolated detonation hygiene: researchers running PoC code on machines that hold live SSH keys, active browser sessions, or cloud-provider tokens are collapsing the boundary between analysis and production. Second, insufficient code review before execution: the ChocoPoC loader hides in Python entry points — `setup.py`, `__init__.py`, import-time calls — that many researchers skip past to reach the exploit logic itself. Third, weak supply-chain scrutiny of third-party dependencies: malicious `requirements.txt` entries are a documented second-stage delivery method that a quick read would expose.
This is also a social-engineering problem at its core. The star counts and fork numbers on these repositories function exactly like social proof in a phishing email — they lower the recipient's guard. Security-awareness training programs that extend beyond phishing simulations to cover supply-chain and code-based social engineering give technical staff a mental model for exactly this kind of threat.
What the Economics Signal
There is no ransom demand in this story. No leak site, no negotiation portal. The economic logic points toward one of two outcomes: sale to an initial access broker, or quiet espionage. Stolen SSH keys and authenticated browser sessions from a researcher who touches ten different vendor environments are worth significantly more on the secondary market than a one-time ransom payment. The Verizon 2024 Data Breach Investigations Report found that stolen credentials appear in 77 percent of basic web application attacks — and credentials from a researcher's machine arrive pre-trusted by the targets that matter.
Practical Steps for Anyone Who Clones Exploit Code
If you work with public PoC repositories — or manage a team that does — these steps are not optional hygiene. They are the minimum floor.
Before you clone:
- Check the account's age, commit history consistency, and whether the README boilerplate matches other repositories exactly.
- Search the CVE identifier on NVD at nvd.nist.gov to confirm the PoC timing is plausible relative to the disclosure date.
- If the repository appeared within 72 hours of a high-CVSS advisory, treat it as higher risk by default.
Before you execute:
- Read `setup.py`, `__init__.py`, and `requirements.txt` in full. Import-time network calls are a red flag.
- Verify any listed dependencies against their PyPI publication date and maintainer history.
The detonation environment:
- Use a fully disposable VM with no SSH agent forwarding, no stored browser profiles, and no persistent cloud credentials.
- Enable egress logging. Unsigned Python that reaches out to an external host on import is hostile until proven otherwise.
After any exposure:
- Rotate all tokens, SSH keys, and session cookies that touched a machine running untrusted PoC code within the past 90 days.
- File an incident report internally even if you believe no data left the machine. You may be wrong.
Organizations that want to build this kind of adversarial thinking across a technical workforce — not just the security team — can explore structured training paths at train2secure.com/pricing. A free trial is available without a credit card.
How this attack could have been caught before execution
- Train technical staff to apply the same skepticism to third-party code repositories that they apply to suspicious email attachments — star counts and fork numbers are social proof, not safety signals.
- Establish a mandatory detonation checklist for any externally sourced exploit or PoC code: isolated VM, no live credentials, egress logging enabled, full source review before pip install.
- Run tabletop exercises simulating a researcher-targeted social engineering scenario so teams recognize the pattern before they encounter it in the wild.
Train2Secure offers security-awareness modules built for technical audiences — including scenarios that cover supply-chain and code-based social engineering, not just phishing simulations.
Start free — no card requiredSources & further reading
Frequently asked questions
What is ChocoPoC and how does it spread?
ChocoPoC is a Python-based remote access trojan distributed through GitHub repositories disguised as legitimate proof-of-concept exploit code. When a researcher clones and runs the repository, a loader embedded in the Python source fetches the RAT from attacker infrastructure and installs it silently.
Why are security researchers specifically targeted by this campaign?
Researchers routinely have access to multiple vendor environments, hold SSH keys for sensitive systems, and maintain authenticated sessions across bug bounty and consulting scopes. Compromising one researcher can unlock dozens of downstream targets — making them far more valuable than a typical enterprise employee.
How can I tell if a public GitHub PoC repository is malicious before running it?
Review the account's creation date and commit history for inconsistencies. Read setup.py, __init__.py, and requirements.txt before executing anything. Flag any code that initiates outbound network connections at import time, and always detonate unfamiliar code in an isolated VM with no live credentials present.
What should I do if I already ran code from one of these repositories?
Immediately rotate all SSH keys, API tokens, and session cookies associated with that machine. Conduct a network log review for outbound HTTPS connections to unfamiliar hosts. Report the incident to your security team regardless of whether you believe data was exfiltrated — early reporting dramatically limits downstream damage.



