ChocoPoC Malware Uses Mapbox Dead-Drop C2 to Target Vulnerability Researchers
A malware campaign called ChocoPoC is targeting vulnerability researchers and penetration testers through trojanized proof-of-concept exploit repositories on GitHub and malicious Python dependencies on PyPI.
The campaign was documented in a joint investigation by Sekoia and YesWeHack. Researchers said ChocoPoC is a Python remote access trojan that can steal files, harvest browser data, and execute commands on compromised research machines.
The attack hides inside fake PoC repositories for high-profile vulnerabilities. The visible exploit code may look clean, while a malicious dependency in the requirements file installs the backdoor during a normal pip install step.
How the ChocoPoC Campaign Works
The infection starts when a researcher clones a malicious PoC repository and installs its dependencies. In the 2026 wave, the PoC pulls a package named frint, which then installs a second package named skytext.
The skytext package ships a compiled native Python extension named gradient.so on Linux or gradient.pyd on Windows. When the PoC runs, Python loads that compiled extension, which starts the malware chain.
BleepingComputer reported that ChocoPoC stands out because the malware does not need to sit directly in the PoC file. Instead, attackers hide the payload in a transitive dependency that a quick code review may miss.
Attack Chain at a Glance
| Stage | What happens | Why it matters |
|---|---|---|
| PoC lure | A fake GitHub repository claims to exploit a recent CVE | Researchers may test it quickly because new PoCs are time-sensitive |
| Dependency install | The requirements file pulls malicious Python packages | The visible exploit code can stay mostly harmless |
| Native extension load | gradient.so or gradient.pyd loads inside Python | The compiled payload runs under a normal Python workflow |
| Environment check | The malware looks for PoC filenames such as EXPLOIT_POC.py or exploit.py | Simple sandbox runs may not trigger the payload |
| Dead-drop retrieval | The downloader fetches ChocoPoC from a Mapbox dataset | Traffic blends with a legitimate cloud mapping service |
The malware uses anti-debugging and anti-analysis checks before it continues. It also checks the runtime context, which means it may stay quiet if analysts inspect the package by itself rather than running the full lure PoC.
This design creates a supply-chain trap for security researchers. The dependency chain becomes the weapon, while the fake exploit repository acts as bait.
Mapbox Used as a Dead-Drop Channel
ChocoPoC abuses the Mapbox Datasets API as a dead-drop command channel. The downloader reaches a Mapbox dataset feature, extracts a Base64-encoded value from a property field, decodes it, and executes the resulting Python code.
The malware also uses DNS-over-HTTPS through public resolvers to resolve the Mapbox domain without relying on the victim's normal DNS path. That can help it avoid DNS sinkholes and monitoring tools that only watch standard DNS traffic.
The Hacker News reported that the RAT uses Mapbox as a dead-drop service and can fall back to a separate HTTP server for larger uploads. This lets the campaign mix trusted cloud traffic with more direct exfiltration infrastructure.
What ChocoPoC Can Steal
Once installed, ChocoPoC acts as a full remote access trojan. It can run shell commands, execute Python code, collect files, and gather system information from the victim's workstation.
The RAT also targets browser data. Researchers said it can collect saved passwords, cookies, autofill data, and browsing history from popular browsers, including Chrome, Brave, Edge, and Firefox.
- Browser passwords, cookies, autofill data, and history
- Text files, markdown notes, and local database files
- Shell history from Linux and macOS-style environments
- Network configuration and running process lists
- Files and folders requested by the operator
- Arbitrary shell and Python command execution results
For vulnerability researchers, this access can expose client reports, exploit notes, credentials, testing infrastructure, and unpublished vulnerability research. That makes one infected workstation more valuable than an ordinary endpoint.
Why Vulnerability Researchers Are the Target
Security researchers often download and test untrusted exploit code as part of their work. They may also run PoCs with elevated privileges or inside research environments that contain sensitive tools and data.
YesWeHack said the campaign exploits the pressure to quickly validate newly disclosed vulnerabilities. Attackers use that urgency to push researchers toward newly created repositories and unfamiliar package dependencies.
The campaign also targets the trust model around public exploit sharing. A fake PoC may appear in a GitHub issue, community discussion, scanner template request, or vulnerability research workflow before defenders have time to verify it.
Fake PoCs Tied to Recent CVEs
Researchers found at least seven fake PoC repositories connected to the same broader ChocoPoC campaign. The lures focused on high-interest vulnerabilities that researchers would likely rush to test.
| Lure category | Associated CVE | Malicious dependencies observed |
|---|---|---|
| FortiWeb path traversal | CVE-2025-64446 | slogsec, logcrypt.cryptography |
| React2Shell | CVE-2025-55182 | slogsec, logcrypt.cryptography |
| MongoBleed | CVE-2025-14847 | slogsec, logcrypt.cryptography |
| PAN-OS authentication bypass | CVE-2026-0257 | frint, skytext |
| Ivanti Sentry command injection | CVE-2026-10520 | frint, skytext |
| Check Point VPN authentication bypass | CVE-2026-50751 | frint, skytext |
| Joomla SP Page Builder RCE | CVE-2026-48908 | frint, skytext |
Sekoia assessed with high confidence that one actor operated the 2025 and 2026 waves. The assessment was based on reused Mapbox feature IDs, environmental gates, anti-recursion markers, and similar code behavior.

The skytext package alone had around 2,400 downloads across Linux and Windows environments, according to the researcher report. Downloads do not prove all users were infected, but they show that the lure reached real systems.
Why the Dependency Trick Is Hard to Catch
The campaign shows why reviewing only the main exploit file is not enough. Attackers can leave the PoC mostly readable while moving the malicious behavior into a dependency that runs later.
The Python Packaging User Guide explains that installing Python packages often involves dependency resolution and downloads from package indexes. That convenience also creates risk when a project pulls packages from unknown or newly created maintainers.
The ChocoPoC loader also waits for specific filenames and module context before it activates. That means a security tool that detonates skytext alone may see nothing suspicious.
Indicators of Compromise
| Type | Indicator | Description |
|---|---|---|
| Domain | api.mapbox[.]com | Legitimate Mapbox API abused as a dead-drop C2 channel |
| Domain | dns.alidns[.]com | DNS-over-HTTPS resolver used by the downloader |
| Domain | cloudflare-dns[.]com | Alternate DNS-over-HTTPS resolver referenced by the downloader |
| File | gradient.so | Linux native Python extension used in the infection chain |
| File | gradient.pyd | Windows native Python extension used in the infection chain |
| File | choco.py | Downloader script that retrieves the final Python RAT |
| PyPI package | skytext | Malicious transitive dependency used in the 2026 wave |
| PyPI package | frint | Package that pulled skytext during installation |
| PyPI package | slogsec | Malicious package linked to an earlier wave |
| PyPI package | logcrypt.cryptography | Malicious package linked to an earlier wave |
These indicators can support threat hunting, but they should not be treated as complete coverage. The actor rotated GitHub, PyPI, and Mapbox accounts across campaign waves.
Defenders should also hunt for behavior. Useful signals include Python loading unexpected native extensions, new .pth files in site-packages, hidden Python processes, suspicious Mapbox dataset requests, and browser database access from Python processes.
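The following is an added example, not code from the Sekoia/YesWeHack investigation or from any tool it names. It turns two of the behavioral signals above into a small correlation rule: a Python process talking to one of the listed DNS-over-HTTPS resolvers, and a Python process requesting the Mapbox Datasets API. The log format is a constructed stand-in for whatever proxy or EDR telemetry a team actually has, the `/datasets/v1/` path prefix is taken from public Mapbox documentation rather than from the report, and the sample lines and their user, dataset and feature identifiers are placeholders, not real indicators.

```python
"""Behavioral detection for the ChocoPoC network pattern (added example)."""
import re
from urllib.parse import urlparse

# Resolver and dead-drop hosts named in the published indicator list.
DOH_RESOLVERS = {"dns.alidns.com", "cloudflare-dns.com"}
DEAD_DROP_HOST = "api.mapbox.com"
# Assumption: the Mapbox Datasets API is served under this prefix (public docs).
DATASETS_PREFIX = "/datasets/v1/"

# Assumed log line format (constructed, not any vendor's schema):
#   <timestamp> host=<endpoint> proc=<process image> dst=<full URL>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) dst=(?P<url>\S+)$"
)

# Constructed sample telemetry. EXAMPLE_* values are placeholders.
SAMPLE_LOGS = """\
2026-03-02T09:14:01Z host=rsch-01 proc=python3.11 dst=https://dns.alidns.com/dns-query?name=api.mapbox.com&type=A
2026-03-02T09:14:02Z host=rsch-01 proc=python3.11 dst=https://api.mapbox.com/datasets/v1/EXAMPLE_USER/EXAMPLE_DATASET/features/EXAMPLE_FEATURE
2026-03-02T09:15:10Z host=rsch-02 proc=firefox dst=https://api.mapbox.com/styles/v1/mapbox/streets-v12
2026-03-02T09:16:44Z host=rsch-03 proc=python3.11 dst=https://cloudflare-dns.com/dns-query?name=pypi.org&type=A
2026-03-02T09:17:00Z host=rsch-04 proc=node dst=https://api.mapbox.com/datasets/v1/EXAMPLE_USER/EXAMPLE_DATASET/features
""".splitlines()


def parse_line(line):
    """Split one log line into fields plus the destination host and URL path."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parsed = urlparse(rec["url"])
    rec["dst_host"] = (parsed.hostname or "").lower()
    rec["path"] = parsed.path
    return rec


def is_python(proc):
    """True for python, python3.11, pythonw.exe and similar interpreter images."""
    return proc.lower().startswith("python")


def classify(rec):
    """Per-event signals; only Python-originated requests are interesting here."""
    tags = set()
    if not is_python(rec["proc"]):
        return tags
    if rec["dst_host"] in DOH_RESOLVERS:
        tags.add("doh_from_python")
    if rec["dst_host"] == DEAD_DROP_HOST and rec["path"].startswith(DATASETS_PREFIX):
        tags.add("mapbox_dataset_from_python")
    return tags


def detect(lines):
    """Return {host: sorted tags}. A host showing both signals gets a chain tag.

    Either signal alone has benign explanations (a DoH client library, a real
    mapping project); both from Python on the same endpoint is what the report
    describes for the ChocoPoC downloader and deserves an analyst's look.
    """
    per_host = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        tags = classify(rec)
        if tags:
            per_host.setdefault(rec["host"], set()).update(tags)
    for tags in per_host.values():
        if {"doh_from_python", "mapbox_dataset_from_python"} <= tags:
            tags.add("dead_drop_chain_suspected")
    return {host: sorted(tags) for host, tags in per_host.items()}


if __name__ == "__main__":
    for host, tags in detect(SAMPLE_LOGS).items():
        print(host, tags)
```

On the constructed sample, rsch-01 is the only host that trips both signals and is escalated; rsch-03 shows DoH from Python alone, which is worth a look but not the full pattern, and the Firefox and Node requests to Mapbox are ignored because the process filter is what keeps this rule from flagging every legitimate map user.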
How Researchers Can Reduce Risk
Researchers should treat public PoC repositories as untrusted code until verified. That means reviewing dependency files, package metadata, native extensions, commit history, and repository age before running anything.
The Python Packaging User Guide shows how quickly pip can install packages and dependencies. Researchers should use that same convenience carefully, especially when a PoC references obscure or newly published packages.
- Run untrusted PoCs only inside disposable virtual machines.
- Review requirements.txt and pyproject.toml before installing dependencies.
- Watch for native extensions such as .so, .pyd, or compiled wheels.
- Avoid running PoCs from newly created or anonymous GitHub accounts.
- Use network egress controls for research sandboxes.
- Keep client data, browser profiles, credentials, and SSH keys out of test machines.
- Prefer manual dependency inspection over blind pip install commands.
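As an added example, not code from the Sekoia/YesWeHack report or from any project it names, the script below performs the dependency-file and installed-environment review the list above calls for. It flags requirements whose names match the packages published for this campaign, then walks a site-packages directory for native extensions and for `.pth` files, noting any `.pth` line that starts with `import`, which Python's `site` module executes on every interpreter start. The requirements layout, the venv path, and the contents of the demo environment it builds are constructed assumptions for illustration; the `gradient.so` it writes is an inert placeholder, not the real artifact.

```python
"""Pre-install audit for a cloned PoC repository (added example)."""
import re
import tempfile
from pathlib import Path

NATIVE_EXT = {".so", ".pyd", ".dylib"}
# Package names the joint report associates with the 2025 and 2026 waves.
KNOWN_BAD = {"frint", "skytext", "slogsec", "logcrypt.cryptography"}


def parse_requirements(text):
    """Return bare, lower-cased distribution names from a requirements.txt body."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):      # skip -r/-e/--option lines
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            names.append(m.group(0).lower())
    return names


def audit_requirements(text):
    """List requirements that match the campaign's observed package names."""
    return sorted(n for n in parse_requirements(text) if n in KNOWN_BAD)


def audit_site_packages(site_packages):
    """Walk an installed environment and report artifacts worth manual review."""
    root = Path(site_packages)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.suffix in NATIVE_EXT:
            # Compiled code that a source-level review of the PoC never sees.
            findings.append(("native_extension", rel))
        elif path.suffix == ".pth" and path.parent == root:
            # Only top-level .pth files are processed by site.py.
            findings.append(("pth_file", rel))
            for line in path.read_text().splitlines():
                if line.startswith("import "):
                    # Executed on interpreter start, before any PoC code runs.
                    findings.append(("pth_import", rel))
                    break
    return sorted(findings)


def build_constructed_env(root):
    """Create a constructed repo and venv layout for the demo (no real malware)."""
    root = Path(root)
    (root / "requirements.txt").write_text(
        "requests>=2.0\nfrint  # pulled in by the PoC\n-r dev.txt\n"
    )
    sp = root / "venv" / "lib" / "python3.11" / "site-packages"
    (sp / "skytext").mkdir(parents=True)
    (sp / "skytext" / "__init__.py").write_text("")
    (sp / "skytext" / "gradient.so").write_bytes(b"placeholder, not a real ELF")
    (sp / "skytext_hook.pth").write_text("import skytext\n")
    (sp / "requests").mkdir()
    (sp / "requests" / "__init__.py").write_text("")
    return root / "requirements.txt", sp


def run_demo():
    """Audit the constructed environment; returns (flagged requirements, findings)."""
    with tempfile.TemporaryDirectory() as tmp:
        req, sp = build_constructed_env(tmp)
        return audit_requirements(req.read_text()), audit_site_packages(sp)


if __name__ == "__main__":
    flagged, findings = run_demo()
    print("flagged requirements:", flagged)
    for kind, rel in findings:
        print(f"{kind:17} {rel}")
```

Against a real clone, point `audit_requirements` at the repository's `requirements.txt` and `audit_site_packages` at the venv you installed into; the name list is only a quick first pass, since the actor rotated package names between waves, and the native-extension and `.pth` checks are the ones that would have surfaced `gradient.so` regardless of what the wrapper package was called.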
What Security Teams Should Monitor
Organizations with vulnerability research, red-team, or penetration-testing teams should monitor developer workstations for unusual Python behavior. These machines often hold access to tools, customer environments, and sensitive internal systems.
BleepingComputer noted that ChocoPoC can execute commands, steal browser data, collect files, and enumerate system details. That makes post-infection response broader than simply removing a malicious Python package.

Teams should rotate credentials used on any suspected system. They should also review browser-stored passwords, SSH keys, API tokens, VPN profiles, and client project files that may have been exposed.
Why Mapbox Traffic Needs Context
Mapbox is a legitimate service, so blocking all Mapbox traffic may not make sense for every organization. The better approach is to identify whether developer machines should contact Mapbox dataset endpoints at all.
The Mapbox Datasets API is designed for working with dataset features, not malware delivery. ChocoPoC abused that legitimate functionality to hide instructions inside data fields controlled by the attacker.
The Hacker News also reported that Spanish-language command names and code issues led researchers to believe the RAT was hand-written rather than AI-generated. No public report has attributed the campaign to a named threat group.
Security Takeaway
ChocoPoC shows that exploit researchers are now being targeted through the same public PoC ecosystem they rely on for rapid testing. The main risk is not only malicious code inside an exploit file, but also hidden code buried in dependencies.
The campaign also shows how attackers can abuse trusted developer workflows. A single pip install command can pull a malicious package, load a compiled extension, fetch a RAT from a dead-drop service, and expose sensitive research data.
Security researchers should slow down before running new PoCs, even during high-pressure disclosure windows. Treat dependency chains as part of the exploit, not as background setup.
FAQ
ChocoPoC is a Python remote access trojan delivered through trojanized proof-of-concept exploit repositories and malicious Python dependencies. It can steal data, collect browser information, and execute commands on compromised systems.
The campaign targets vulnerability researchers, penetration testers, and security teams that download and run public proof-of-concept exploit code for newly disclosed vulnerabilities.
ChocoPoC uses Mapbox datasets as a dead-drop command channel. The downloader retrieves encoded Python payloads from dataset feature properties and executes them on the infected system.
The campaign has been linked to malicious packages including frint, skytext, slogsec, and logcrypt.cryptography. The 2026 wave used frint and skytext, while an earlier wave used slogsec and logcrypt.cryptography.
Researchers should review dependency files before installing packages, test PoCs only in disposable virtual machines, block unnecessary outbound traffic, avoid unknown repositories, and keep credentials and client data away from research sandboxes.