ChocoPoC: The Exploit You Cloned Is the Attack
ChocoPoC hides a remote access trojan inside trojanized CVE proof-of-concept repositories on GitHub, using a malicious PyPI dependency chain to compromise the researchers who clone them.
4 articles
ChocoPoC hides a remote access trojan inside trojanized CVE proof-of-concept repositories on GitHub, using a malicious PyPI dependency chain to compromise the researchers who clone them.
When DuckDuckGo's AI killed Trump with rabies, the world laughed. When AI coding assistants invent package names, attackers register them. Nobody's laughing then.
Operation Endgame's June 2026 action against SocGholish shows why fake browser updates, compromised WordPress sites, and criminal loader infrastructure still matter to defenders.
Trend Micro documented QLNX, a Linux RAT that combines credential harvesting, LD_PRELOAD persistence, PAM backdoors, and rootkit behavior. The real risk is not one infected host - it is the supply chain access behind it.