Listen to this Post
Introduction: The Growing Danger Behind Trusted Security Tools
Cybersecurity professionals have long relied on proof-of-concept (PoC) exploits shared on GitHub to validate vulnerabilities, test defenses, and understand emerging threats. These repositories are often considered valuable learning resources, especially when new vulnerabilities capture global attention. But attackers are becoming increasingly creative. Instead of exploiting software alone, they are now exploiting the trust placed in open-source ecosystems.
A newly uncovered campaign demonstrates just how dangerous that trust can become. Rather than modifying exploit code directly, attackers quietly poisoned the software supply chain by embedding malicious Python packages into project dependencies. Victims who believed they were testing legitimate vulnerability exploits unknowingly installed a sophisticated remote access trojan called ChocoPoC, giving attackers full control over their systems.
Summary: Malware Hidden in Dependencies Instead of Exploits
Researchers from Sekoia have uncovered a sophisticated malware campaign distributing a Python-based remote access trojan known as ChocoPoC through multiple weaponized GitHub proof-of-concept repositories.
Unlike previous attacks where malware was directly inserted into exploit scripts, this campaign takes a far stealthier approach. The exploit code itself remains functional and appears legitimate. Instead, attackers modify the project’s dependency list so that cloning and installing the repository automatically downloads malicious Python packages from the Python Package Index (PyPI).
The infection begins with a seemingly harmless package named frint, which secretly installs another dependency called skytext. That package contains a compiled Python extension capable of decrypting hidden code during execution. The decrypted payload launches a downloader that retrieves the final ChocoPoC malware from a Mapbox dataset, helping attackers evade traditional security detection.
This technique transforms trusted development workflows into attack vectors, making the compromise extremely difficult to detect without carefully inspecting every dependency involved.
How the Infection Chain Works
The attack begins when a researcher clones what appears to be a legitimate GitHub repository containing a proof-of-concept exploit for a recently disclosed vulnerability.
During dependency installation, Python automatically downloads the package frint from PyPI. While the package appears harmless, its installation process silently installs another dependency called skytext.
The skytext package contains a compiled native extension that executes automatically when the exploit runs. Instead of exposing malicious code directly, it decrypts hidden Python instructions embedded within itself.
Those decrypted instructions contact a remotely hosted Mapbox dataset and download the final payload, ChocoPoC. By separating every stage of the infection chain, the attackers dramatically reduce the chances of static detection or manual code review revealing the malware.
Why This Supply Chain Technique Is More Dangerous
Traditional malicious repositories often expose suspicious scripts or obfuscated code that analysts can identify during inspection.
This campaign changes the rules.
The GitHub repository itself remains largely authentic, and the exploit continues working exactly as expected. The malicious behavior is delegated entirely to external Python dependencies that appear unrelated to the exploit.
Anyone reviewing only the exploit source code may conclude it is perfectly safe while completely overlooking the dependency chain responsible for installing malware.
This represents another evolution of software supply-chain attacks, where trust in package managers becomes the primary attack surface.
What ChocoPoC Can Do After Infection
Once installed, ChocoPoC provides attackers with extensive remote control over compromised systems.
Its capabilities include:
Executing arbitrary shell commands.
Running custom Python code remotely.
Uploading files and entire directories.
Stealing browser passwords.
Extracting authentication cookies.
Collecting autofill information.
Gathering browsing history.
Searching markdown documents and text files.
Harvesting database files.
Reading shell command history.
Collecting network configuration details.
Enumerating running processes.
Smaller stolen data is exfiltrated through Mapbox datasets, while larger files are uploaded through dedicated HTTP servers controlled by the attackers.
This combination enables both espionage and long-term persistence against targeted systems.
Popular Vulnerabilities Used as Bait
Researchers discovered at least seven malicious GitHub repositories distributing ChocoPoC by advertising exploits for recently disclosed vulnerabilities.
The fake repositories claimed to provide exploits for:
FortiWeb (CVE-2025-64446)
React2Shell (CVE-2025-55182)
MongoBleed (CVE-2025-14847)
PAN-OS (CVE-2026-0257)
Ivanti Sentry (CVE-2026-10520)
Check Point VPN (CVE-2026-50751)
Joomla SP Page Builder (CVE-2026-48908)
These highly publicized vulnerabilities generated significant attention across the cybersecurity community, increasing the likelihood that researchers would quickly clone and execute the repositories without performing detailed inspections.
Linux Systems Were the Primary Targets
Researchers observed approximately 2,400 downloads of the malicious skytext package.
Most installations occurred on Linux systems, reflecting the reality that penetration testers, malware analysts, and vulnerability researchers frequently perform their work using Linux environments.
The campaign experienced major spikes in downloads immediately following the public disclosure of trending vulnerabilities, suggesting attackers closely monitor cybersecurity news to maximize infection opportunities.
Evidence Suggests Compromised Developer Accounts
The campaign appears to have evolved over time.
Before using the packages frint and skytext, attackers distributed nearly identical malware using earlier packages named slogsec and logcrypt.cryptography.
Investigators also traced multiple GitHub committers involved in the campaign to email addresses that appeared in leaked credential databases.
According to
Rather than creating entirely new identities, the attackers likely hijacked legitimate developer accounts to increase the credibility of their repositories and PyPI uploads.
Why Security Researchers Have Become Prime Targets
Security researchers occupy a unique position within modern cybersecurity.
Unlike ordinary users, they intentionally execute untrusted software every day while investigating vulnerabilities, malware samples, and proof-of-concept exploits.
Attackers understand this behavior.
Compromising a researcher can provide access to proprietary vulnerability research, corporate VPN credentials, internal penetration-testing tools, cloud infrastructure, or confidential customer environments.
As a result, offensive security professionals have increasingly become high-value targets for sophisticated threat actors.
Defending Against Dependency-Based Malware
The discovery of ChocoPoC highlights the importance of verifying every component within an open-source project rather than trusting repository popularity or exploit functionality.
Organizations and independent researchers should:
Audit dependency lists before installation.
Pin trusted package versions.
Verify package maintainers.
Execute PoC exploits inside isolated virtual machines or containers.
Monitor outbound network traffic during testing.
Use sandbox environments for vulnerability validation.
Avoid running newly published GitHub repositories directly on production workstations.
Modern software supply-chain attacks frequently bypass traditional antivirus solutions because they rely on trusted development infrastructure rather than obvious malware downloads.
Deep Analysis: Investigating Suspicious Python Dependencies and Supply Chain Risks
Security researchers should validate every layer of a repository before execution. Useful Linux commands for investigating potentially malicious Python packages include:
Clone without executing anything git clone https://github.com/example/project.git
Review dependency files
cat requirements.txt cat pyproject.toml
Inspect setup scripts
find . -name "setup.py" find . -name "setup.cfg"
Search for suspicious imports
grep -R subprocess .
grep -R exec( .
grep -R eval( .
grep -R __import__ .
Check installed packages
pip list
Inspect package metadata
pip show frint pip show skytext
Download package without installing
pip download frint
Extract package contents
tar -xf .tar.gz
Search for compiled extensions
find . -name ".so"
Examine binary strings
strings .so
Review network connections
ss -tunap
Monitor processes
ps aux
Observe filesystem activity
inotifywait -m .
Trace execution
strace python exploit.py
Capture network traffic
tcpdump -i any
Analyze downloaded payloads
sha256sum
Verify package signatures when available
gpg –verify
Create isolated environment
python3 -m venv lab
Run inside container
docker run --rm -it python:latest
Remove suspicious environment
rm -rf lab
These commands help investigators understand package behavior before allowing untrusted code to execute, significantly reducing exposure to dependency-based attacks.
What Undercode Say:
The ChocoPoC campaign is another reminder that modern cyberattacks are shifting away from exploiting software vulnerabilities alone and toward exploiting developer trust. The malicious repository is no longer the only concern. Today, every dependency, package manager, build script, installer, and external download endpoint represents another potential attack surface.
One of the most interesting aspects of this campaign is that the exploit code itself remains operational. This makes automated code review significantly less effective because analysts naturally focus on the exploit logic rather than package installation routines.
Dependency confusion and software supply-chain attacks continue to mature. Threat actors increasingly understand the workflows of developers, penetration testers, and security researchers, allowing them to weaponize tools that victims intentionally execute.
The abuse of PyPI demonstrates how attackers leverage trusted ecosystems rather than creating completely new infrastructure. Developers often assume packages hosted on official repositories are inherently trustworthy, yet package repositories remain attractive targets for malicious uploads.
Hosting the final payload inside a Mapbox dataset is equally noteworthy. Using legitimate cloud platforms helps malware blend into normal network traffic while avoiding many traditional indicators of compromise.
Linux dominance among victims also reflects current industry practices. Offensive security professionals overwhelmingly use Linux for vulnerability research, making it a logical operating system to prioritize.
The repeated use of compromised developer accounts further illustrates that identity security has become just as important as endpoint security. A trusted account can be more dangerous than sophisticated malware.
Organizations should begin treating software dependencies as executable code rather than harmless libraries. Every imported package deserves security validation.
Automated dependency scanning should become mandatory in research environments.
Containerized testing environments should replace direct execution on analyst workstations.
Repository popularity should never be confused with repository safety.
Recent publication dates should increase caution instead of trust.
The cybersecurity community must also recognize that attackers actively monitor vulnerability disclosures and rapidly publish fake repositories within hours.
Threat hunting should include monitoring newly published packages associated with trending CVEs.
Software Bills of Materials (SBOMs) may become increasingly valuable for tracking unexpected dependencies.
Behavioral monitoring remains more reliable than static analysis when dealing with staged payloads like ChocoPoC.
Python’s flexibility continues to make it attractive for both defenders and attackers.
Compiled Python extensions deserve greater scrutiny because they frequently bypass superficial source-code inspection.
Researchers should validate outbound network requests generated during exploit execution.
Network segmentation can significantly reduce post-compromise impact.
Package signing adoption remains inconsistent across many open-source ecosystems.
Open-source communities may need stronger maintainer verification mechanisms.
Cloud-hosted payloads will likely become increasingly common because they blend with legitimate services.
Security awareness training should include supply-chain attack simulations rather than focusing solely on phishing.
Modern attackers increasingly combine social engineering with technical sophistication.
Trust should always be earned through verification.
The future of software security depends not only on secure code but also on secure ecosystems.
✅ Verified: Researchers confirmed that ChocoPoC is distributed through malicious Python dependencies hosted on PyPI rather than directly embedded inside GitHub proof-of-concept exploit files.
✅ Verified: The malware is capable of executing remote commands, stealing browser credentials, collecting shell history, uploading files, and gathering extensive host information, making it a fully featured remote access trojan.
✅ Verified: Evidence indicates the campaign likely relied on compromised developer accounts to publish malicious packages and GitHub repositories, increasing the credibility of the attack while making detection more difficult.
Prediction
(+1) Supply-chain security tools capable of automatically analyzing dependency behavior before installation will become standard across enterprise development pipelines, significantly reducing successful attacks like ChocoPoC. 🔒📦
(-1) Threat actors will continue shifting toward dependency-based malware campaigns because developers and researchers increasingly depend on automated package managers, making software ecosystems one of the most attractive targets for future cyber espionage operations. ⚠️🕵️
▶️ Related Video (74% Match):
🕵️📝Let’s dive deep and fact‑check.
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
References:
Reported By: www.bleepingcomputer.com
Extra Source Hub (Possible Sources for article):
https://www.discord.com
Wikipedia
OpenAi & Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]
📢 Follow UndercodeNews & Stay Tuned:
𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon | 📺Youtube




