2,400: that is the number of downloads Sekoia researchers recorded for a malicious Python package tied to a new campaign that weaponizes proof‑of‑concept (PoC) exploits on GitHub to deliver a remote access trojan (RAT) called ChocoPoC.
How ChocoPoC reaches victims via trojanized PyPI packages
Researchers at cybersecurity company Sekoia describe a multi-stage supply‑chain trick that avoids embedding malware directly in exploit files. Instead of modifying PoC code, attackers add malicious Python packages to a repository’s dependency list. The packages are hosted on the Python Package Index (PyPI). When a researcher clones a trojanized PoC repository, a package named frint is automatically fetched and installed.
During that installation the package pulls in a second malicious dependency, skytext, which contains a compiled native Python extension. When the PoC executes, the extension runs, decrypts embedded Python code, and triggers a downloader that retrieves the final payload — ChocoPoC — from a Mapbox dataset. The campaign also uses Mapbox datasets to exfiltrate data, while larger uploads are handled via a separate HTTP server.
Capabilities of the ChocoPoC RAT
- Execute arbitrary shell commands and arbitrary Python code.
- Upload files and directories from the host.
- Collect browser passwords, cookies, autofill data, and browsing history.
- Search for text files, markdown documentation files, and database files.
- Gather shell history from the host and collect network configuration.
- Enumerate running processes.
Exploits and CVEs used as lures
Sekoia identified at least seven GitHub PoC repositories distributing ChocoPoC while hosting exploits for widely discussed vulnerabilities. The repositories included PoCs for:
- FortiWeb — CVE‑2025‑64446
- React2Shell — CVE‑2025‑55182
- MongoBleed — CVE‑2025‑14847
- PAN‑OS — CVE‑2026‑0257
- Ivanti Sentry — CVE‑2026‑10520
- Check Point VPN — CVE‑2026‑50751
- Joomla SP Page Builder — CVE‑2026‑48908
Sekoia reports that downloads of the skytext package surged following disclosure of a popular vulnerability, a pattern consistent with using trending PoCs as a lure to draw in researchers and testers.
Evidence of compromised accounts and attacker behavior
Sekoia found operational indicators suggesting that account compromise played a central role. The researchers located several email addresses associated with GitHub committers linked to other PoC-trojanizing activity in late 2025. Credentials for two of those addresses appeared in leak databases, and Sekoia writes that the login for another address "highly likely originates from an infostealer compromise."
On those findings Sekoia researchers state: "According to these findings, we assess with high confidence that the attacker primarily employed compromised accounts to publish malicious PyPI packages and PoCs." The group also reported that an earlier phase of the campaign used two different packages, slogsec and logcrypt.cryptography, with very similar source code delivering the same ChocoPoC payload. Sekoia noted most skytext downloads were performed on Linux systems.
What this means for vulnerability researchers, security teams, and open‑source maintainers
- Vulnerability and penetration testers: The campaign targets those who routinely run untrusted PoCs. Sekoia’s recommendation is explicit — never blindly trust GitHub repositories and only execute unverified code in isolated environments. Researchers who clone and run PoCs should treat dependency lists as potential attack vectors.
- Security teams and defenders: Monitor dependency installations from PyPI and unusual usage of third‑party hosting — including Mapbox datasets — which this campaign abuses for payload delivery and data exfiltration. Correlate package installs with endpoint telemetry, and isolate instances that install unexpected native extensions.
- Open‑source maintainers and platform operators: The campaign’s apparent reliance on compromised accounts to publish malicious packages highlights the need for stronger account hygiene and monitoring on both code hosting and package repositories. Review committers and package publishers tied to PoC projects, and consider additional verification for dependency manifests in popular exploit repositories.
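The dependency-manifest review described in the infection chain and in the recommendations above, as an added example that is not Sekoia's tooling or part of the original article: it audits a cloned PoC's requirements.txt against the package names the article ties to the campaign (frint, skytext, slogsec, logcrypt.cryptography) and a hypothetical lab allowlist (an assumption; adjust to your environment), and lists compiled extension modules installed under a package tree so that an unexpected native extension such as the one shipped by skytext stands out before the PoC is run.

```python
import pathlib
import re
import tempfile
# Package names the Sekoia write-up ties to this campaign.
KNOWN_MALICIOUS = {"frint", "skytext", "slogsec", "logcrypt.cryptography"}
# Hypothetical allowlist a lab might maintain for PoC tooling (assumption; adjust locally).
ALLOWLIST = {"requests", "pwntools", "paramiko"}
# Distribution name at the start of a requirement line; extras and version specifiers ignored.
_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")

def normalize(name: str) -> str:
    # PEP 503: names are case-insensitive and '-', '_' and '.' are interchangeable.
    return re.sub(r"[-_.]+", "-", name).lower()

def audit_requirements(text: str) -> dict:
    """Classify each dependency in a requirements.txt body as malicious or unreviewed."""
    bad = {normalize(n) for n in KNOWN_MALICIOUS}
    ok = {normalize(n) for n in ALLOWLIST}
    report = {"malicious": [], "unreviewed": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line or line.startswith("-"):  # skip pip options such as -r, -e, --index-url
            continue
        m = _REQ_RE.match(line)
        if not m:
            continue
        name = normalize(m.group(1))
        if name in bad:
            report["malicious"].append(m.group(1))
        elif name not in ok:
            report["unreviewed"].append(m.group(1))
    return report

def native_extensions(site_packages: str) -> list[str]:
    # Compiled extension modules (.so/.pyd) found anywhere under an installed package tree.
    root = pathlib.Path(site_packages)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.is_file() and p.suffix in {".so", ".pyd"})

# Constructed sample manifest: a PoC that needs requests plus one attacker-added line.
SAMPLE_REQUIREMENTS = """\
requests>=2.31
frint            # unrelated to the exploit; pulls skytext in at install time
colorama==0.4.6
"""

def demo_native_scan() -> list[str]:
    # Builds a constructed site-packages tree holding a fake 'skytext' extension, then scans it.
    pkg = pathlib.Path(tempfile.mkdtemp()) / "skytext"
    pkg.mkdir()
    (pkg / "_core.cpython-312-x86_64-linux-gnu.so").write_bytes(b"\x7fELF")  # placeholder bytes
    return native_extensions(str(pkg.parent))
```

Run `audit_requirements` on the manifest before `pip install -r`, and `native_extensions` on the target virtual environment's site-packages afterwards; anything in the malicious or unreviewed lists, or any extension module from a package the PoC has no reason to ship, is a reason to stop and inspect in isolation.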
ChocoPoC illustrates a pragmatic adaptation by attackers: keep the visible exploit intact while delegating malicious behavior to dependencies that look innocuous when examined in isolation. The result is a threat that preys on the trusted workflows of researchers and testers — and one that, according to Sekoia’s analysis, has already reached thousands of downloads. How many more PoCs contain similar surprises remains an open question for those who publish, use, and defend around exploit code.