All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Security
Security
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

New ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Repos

By

[email protected] (The Hacker News)

2d ago

Source

thehackernews.comNew ChocoPoC RAT Targets Vulnerability Researchers via Fake PoC Exploit Reposthehackernews.com
Snippet from the RSS feed
Attackers are hiding a data-stealing trojan inside fake exploit code aimed at the people who hunt bugs for a living. The malware, called ChocoPoC, travels in Python proof-of-concept (PoC) repositories on GitHub that claim to exploit hot new CVEs. Run one, and it quietly lifts your saved passwords, browser cookies, and files, then hands the attacker a shell on your machine. YesWeHack and

You might also wanna read

Exploitarium: A consolidated GitHub archive of public exploit PoCs and vulnerability research writeups

A GitHub repository called "exploitarium" that consolidates public proof-of-concept exploit code and vulnerability research writeups. The au

github.com·7d ago

Glitch SPY: New Android RAT Distributed Through Fake Polish Rental App Targets Users via Accessibility Service Abuse

Cyble Research Labs identified Glitch SPY, a new Android Remote Access Trojan (RAT) builder platform discovered through an exposed command-a

hendryadrian.com·3d ago

Check Point uncovers crypto-stealing malware campaign abusing GitHub, YouTube, and VirusTotal

A cybercriminal campaign discovered by Check Point researchers used fake GitHub activity (stars, reviews), YouTube tutorials, and manipulate

helpnetsecurity.com·14d ago

Glassworm Threat Actor Returns with Unicode-Based Supply Chain Attacks on GitHub, npm, and VS Code

The Glassworm threat actor has returned with a new wave of supply chain attacks using invisible Unicode characters to compromise software re

aikido.dev·3mo ago

Typosquatted npm Package Delivers Windows RAT with Encrypted C2 and Registry Persistence

A malware campaign targets Windows systems via a typosquatted npm package called postcss-minify-selector-parser, disguised as the legitimate

cybersecuritynews.com·10d ago

Critical Gogs RCE bug (CVSS 9.4) remains unpatched; exploit module now public

A critical remote code execution (RCE) vulnerability rated 9.4/10 has been discovered in Gogs, a popular open-source self-hosted Git service

theregister.com·1mo ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.