New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos
Summary
Attackers are distributing a new data-stealing trojan named ChocoPoC through fake proof-of-concept (PoC) exploit repositories on GitHub. These repositories are designed to lure vulnerability researchers by claiming to offer exploits for newly discovered CVEs. Upon execution, ChocoPoC steals sensitive information such as passwords, browser cookies, and files, and provides the attacker with remote shell access.
IFF Assessment
This article describes new malware that targets security professionals, which is detrimental to defenders.
Defender Context
Defenders should be aware of social engineering tactics that target cybersecurity professionals, such as fake exploit repositories. It's crucial to verify the authenticity of any code or exploit shared on public platforms before execution to prevent malware infection and credential theft.