Cybersecurity researchers have identified a campaign distributing a Python-based remote access trojan called ChocoPoC through trojanized proof-of-concept (PoC) exploit repositories on GitHub. The campaign appears specifically designed to target vulnerability researchers and penetration testers who routinely clone and execute exploit code.
A Novel Delivery Mechanism
What distinguishes ChocoPoC from earlier trojanized PoC campaigns is its delivery approach. Rather than embedding malicious code directly in the exploit file, the attackers add a malicious package named frint, published on the Python Package Index (PyPI), to the PoC repository's dependency list. When a victim clones the repository, installs its listed dependencies (typically with pip) and runs the exploit, frint is installed as a matter of course and in turn pulls in a secondary package, skytext, which contains a compiled native Python extension.
During execution, the extension decrypts embedded Python code that launches a downloader; the downloader retrieves the final ChocoPoC payload from a Mapbox dataset. Mapbox datasets also serve as the exfiltration channel, with larger uploads handled through a separate HTTP server. Researchers at Sekoia and YesWeHack jointly analyzed the campaign.
Capabilities of ChocoPoC
Once installed, ChocoPoC gives attackers broad access to a compromised system. Its documented capabilities include:
- Executing arbitrary shell commands and Python code
- Uploading files and directories to attacker infrastructure
- Collecting browser passwords, cookies, autofill data, and browsing history
- Searching for text files, markdown documentation, and database files
- Gathering shell history and network configuration details
- Enumerating running processes
Scope and Targeted Vulnerabilities
Sekoia identified at least seven malicious PoC repositories on GitHub, each purporting to exploit a vulnerability in a widely used product, among them FortiWeb, PAN-OS, Ivanti Sentry, Check Point VPN and Joomla SP Page Builder, as well as the flaws publicly nicknamed React2Shell and MongoBleed. The skytext package was downloaded approximately 2,400 times, predominantly on Linux-based systems, with download spikes correlating with the disclosure of the high-profile vulnerabilities used as lures.
Sekoia also found that earlier stages of the same campaign used two different PyPI packages, slogsec and logcrypt.cryptography, delivering the identical ChocoPoC payload. The source code across these packages was closely related, suggesting a single actor or group.
Attribution and Compromised Accounts
Attribution remains unclear, but Sekoia linked several GitHub committer email addresses to a separate trojanized PoC campaign from late 2025. Two of those email addresses appeared in credential leak databases, and a third showed indicators consistent with infostealer compromise. Sekoia assesses with high confidence that the attacker primarily leveraged compromised accounts to publish the malicious PyPI packages and repositories.
Recommendations
Researchers warn that this technique is particularly effective because the exploit itself remains functional and appears legitimate, while the malicious behavior is offloaded to seemingly innocuous dependency packages. A code review of the exploit file alone would therefore find nothing; the dependency list needs the same scrutiny. Security professionals are advised not to trust public GitHub repositories blindly, to review a PoC's dependencies before installing them, and to execute any unverified or untrusted code only inside isolated, sandboxed environments.
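The following script is an added example, not code from the article or from Sekoia's or YesWeHack's tooling. It illustrates the pre-install check the delivery mechanism above calls for: it parses a PoC repository's requirements.txt, flags the package names the article reports for this campaign (frint, skytext, slogsec, logcrypt.cryptography), flags anything outside a small allowlist of dependencies an exploit PoC normally needs, and scans an unpacked package tree for compiled extension modules, since that is where this campaign hid its loader. The allowlist, the sample requirements file and the constructed package tree are illustrative assumptions, not data from the campaign.

```python
"""Pre-install audit of a cloned PoC repository's Python dependencies.

Added example for illustration; the allowlist and sample inputs are
constructed and should be tuned to your own team's usual PoC dependencies.
"""
import re
import tempfile
from pathlib import Path

# Package names the article reports as part of this campaign.
CAMPAIGN_PACKAGES = {"frint", "skytext", "slogsec", "logcrypt.cryptography"}

# Dependencies an exploit PoC legitimately needs (assumption: adjust per team).
ALLOWLIST = {"requests", "urllib3", "pwntools", "paramiko", "colorama", "beautifulsoup4"}

# File suffixes of compiled modules; a pure-Python helper package has no reason to ship these.
NATIVE_SUFFIXES = (".so", ".pyd", ".dylib")

# Leading project name of a requirement specifier, e.g. "frint" in "frint==0.1.3 ; python_version>='3'".
_SPEC_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name):
    """PEP 503 name normalization: case-insensitive, runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text):
    """Return the normalized project names listed in requirements.txt content."""
    names = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if not line or line.startswith("-"):     # skip blanks and pip options (-r, --extra-index-url)
            continue
        match = _SPEC_RE.match(line)
        if match:
            names.append(normalize(match.group(1)))
    return names


def audit_requirements(text):
    """Classify each listed dependency as a known campaign IOC, allowlisted, or unknown."""
    iocs = {normalize(n) for n in CAMPAIGN_PACKAGES}
    allowed = {normalize(n) for n in ALLOWLIST}
    report = {"ioc": [], "allowed": [], "unknown": []}
    for name in parse_requirements(text):
        if name in iocs:
            report["ioc"].append(name)
        elif name in allowed:
            report["allowed"].append(name)
        else:
            report["unknown"].append(name)
    return report


def find_native_extensions(root):
    """List compiled extension modules under an unpacked package directory."""
    root = Path(root)
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*")
        if p.is_file() and p.suffix in NATIVE_SUFFIXES
    )


# Constructed sample mirroring the pattern the article describes: a working
# exploit's real dependencies plus one innocuous-looking extra package.
SAMPLE_REQUIREMENTS = """\
requests>=2.31
pwntools
frint==0.1.3   # small "helper" that pulls in skytext
--extra-index-url https://example.invalid/simple
"""


def demo_native_scan():
    """Build a constructed package tree containing one compiled module and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        pkg = Path(tmp) / "skytext"
        pkg.mkdir()
        (pkg / "__init__.py").write_text("from ._core import run\n")
        # Placeholder bytes standing in for a real shared object (constructed, not a sample).
        (pkg / "_core.cpython-311-x86_64-linux-gnu.so").write_bytes(b"\x7fELF")
        return find_native_extensions(tmp)


if __name__ == "__main__":
    report = audit_requirements(SAMPLE_REQUIREMENTS)
    print(report)
    print(demo_native_scan())
    if report["ioc"] or report["unknown"]:
        print("not installing: inspect the flagged packages in a sandbox first")
```

Run the audit before `pip install -r requirements.txt`, and treat both an IOC hit and an unfamiliar name as a stop signal. The scan for compiled modules only sees packages that are already unpacked, so fetch them with `pip download` into a scratch directory rather than installing; note that resolving a source distribution can execute its setup code, so even that step belongs inside the sandbox the article recommends.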
