A newly discovered remote access trojan, ChocoPoC, is targeting vulnerability researchers by disguising itself as proof-of-concept exploit code on GitHub. The malware is embedded in Python repositories that claim to exploit recently disclosed CVEs. It allows attackers to steal sensitive information, including saved passwords, browser cookies, and files, and to gain a shell on the compromised machine [1]. The tactic exploits the trust that security researchers place in open-source code repositories, which makes it a particularly insidious threat. The use of fake PoC repositories as a delivery mechanism highlights the need for researchers to exercise extreme caution when interacting with unverified code. For practitioners, the threat underscores the importance of verifying the authenticity of code repositories and of understanding the risks of executing untrusted code, in order to protect themselves and their organizations from targeted attacks.
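One way to apply that caution to a downloaded Python PoC is to parse it without executing it. The sketch below is an added example, not code from the article or from any ChocoPoC analysis: the `triage` function, its heuristic tables and the sample are constructed for illustration and are generic checks for untrusted Python, since the page lists no ChocoPoC indicators. It assumes Python 3.9+ for `ast.unparse`.

```python
import ast

# Generic heuristics for untrusted Python, NOT ChocoPoC indicators (the page lists none).
RISKY = {
    "exec": "dynamic-exec", "eval": "dynamic-exec", "__import__": "dynamic-import",
    "base64.b64decode": "decode", "zlib.decompress": "decode", "marshal.loads": "decode",
    "os.system": "process", "subprocess.Popen": "process", "subprocess.run": "process",
    "urllib.request.urlopen": "network", "requests.get": "network", "socket.socket": "network",
}
SENSITIVE = ("Login Data", "Cookies")  # Chromium files holding saved passwords / cookies

def triage(source, filename="<poc>"):
    """Parse, never execute, `source`; return sorted (line, category, detail) tuples."""
    tree = ast.parse(source, filename)
    alias = {}  # local name -> real dotted path, so renamed imports still match
    for n in ast.walk(tree):
        if isinstance(n, ast.Import):
            alias.update({a.asname: a.name for a in n.names if a.asname})
        elif isinstance(n, ast.ImportFrom) and n.module:
            alias.update({a.asname or a.name: f"{n.module}.{a.name}" for a in n.names})

    def resolve(call):  # callee as dotted text, with import aliases expanded
        head, dot, rest = ast.unparse(call.func).partition(".")
        return alias.get(head, head) + dot + rest

    found = set()
    for n in ast.walk(tree):
        if isinstance(n, ast.Call) and resolve(n) in RISKY:
            name = resolve(n)
            cat = RISKY[name]
            # exec/eval fed directly by a decoder is the usual hidden-payload shape
            inner = [c for a in n.args for c in ast.walk(a) if isinstance(c, ast.Call)]
            if cat == "dynamic-exec" and any(RISKY.get(resolve(c)) == "decode" for c in inner):
                cat = "exec-of-decoded"
            found.add((n.lineno, cat, name))
        elif isinstance(n, ast.Constant) and isinstance(n.value, str):
            found.update((n.lineno, "credential-store", s) for s in SENSITIVE if s in n.value)
    return sorted(found)

# Constructed, inert sample in the shape of a "PoC" helper; it is only parsed here.
SAMPLE = '''import base64 as b
from subprocess import Popen
exec(b.b64decode("cHJpbnQoJ2hpJyk="))
Popen(["id"])
db = "Chrome/User Data/Default/Login Data"
'''

if __name__ == "__main__":
    for line, category, detail in triage(SAMPLE):
        print(f"line {line}: {category}: {detail}")
```

An empty result does not make a repository safe; the findings only show where to start reading before anything is run.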