Security researchers have uncovered a long-running campaign that turns trusted proof-of-concept exploits into weapons against the very people who study vulnerabilities for a living.
The operation, tracked under the name ChocoPoC, hides a fully functional Python remote access trojan inside trojanised exploit code shared on GitHub and PyPI.
Victims who download and run what looks like a normal PoC unknowingly install a backdoor capable of stealing data and executing further commands.
The attackers rely on a mix of poisoned GitHub repositories and malicious Python packages to reach their targets. Fake exploit code often ships with a tampered requirements.txt file that quietly installs an extra dependency during a routine pip install.
That single step triggers a chain involving a compiled native extension, anti-debugging checks, and a hidden downloader that fetches the final payload from the internet.

Analysts at Sekoia identified the campaign after tracing repeated waves of infected repositories and malicious packages back to a shared infrastructure and coding style.
Their investigation found that the group has been active since at least 2023, refining its lures with each new wave rather than abandoning the approach after exposure.
The persistence suggests a deliberate, long-term strategy aimed squarely at the vulnerability research community.
Sekoia said in a report shared with Cyber Security News (CSN) that the campaign shows how attractive security researchers have become as targets, since compromising them can offer early access to unpublished exploits and research data.
Because researchers frequently disable security tools while testing exploits, they make unusually soft targets compared with typical enterprise users.
Hackers Use Mapbox Dead-Drop C2 and Python RAT
The infection begins the moment a victim installs a rigged package, which quietly drops a native extension file such as gradient.so on Linux or gradient.pyd on Windows.
Python loads that file through its ordinary extension-module mechanism (the PyInit_gradient entry point listed in the IoCs below), so the implant runs inside the interpreter process as a normal imported module rather than as a separate executable that a researcher or endpoint tooling would be more likely to notice.
Once active, the code performs anti-debugging checks, looking for hardware breakpoints and testing for a remote debugger before continuing.

Figure 2: the ChocoPoC infection chain, from tainted PoC to final payload.
A hashing routine then scans the researcher's own files, hashing each filename and comparing it against a list of known exploit filenames such as exploit.py or EXPLOIT_POC.py; the hashing algorithm used for this match is shown in Figure 3 of the report.
If a match is found, a hidden Python launcher named choco.py drops onto the system and prepares to fetch the actual remote access trojan.
Mapbox Dead Drop And Data Theft
Instead of contacting a traditional server, the downloader reaches out to the Mapbox Datasets API, a legitimate mapping service, and pulls its next set of instructions from a stored dataset property.
This dead-drop trick lets malicious traffic blend in with normal web requests to a well-known cloud platform, making it harder for defenders to flag as suspicious.
To resolve the Mapbox hostname without leaving lookups in the host's normal DNS logs, the malware queries public DNS-over-HTTPS resolvers (the IoC table lists cloudflare-dns.com and dns.alidns.com) instead of the system's configured name servers.
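The dead-drop pattern described above leaves two artefacts in egress telemetry: a non-browser process talking to a public DoH resolver, and the same process then reading the Mapbox Datasets API. The hunt below over proxy logs is an added example and not code from Sekoia's report. The log format (timestamp, host, process, method, URL, space-separated) and the process names are assumptions constructed for the example; the resolver and dead-drop hosts come from the IoC table.

```python
"""Hunt for the ChocoPoC dead-drop pattern in egress proxy logs.

Added example, not code from Sekoia's report. The log format (timestamp,
host, process, method, URL, space-separated) and the process names are
constructed for the example; the resolver and dead-drop hosts are the ones
from the IoC table.
"""
from collections import defaultdict
from urllib.parse import urlsplit

DOH_RESOLVERS = {"cloudflare-dns.com", "dns.alidns.com"}
DOH_PATHS = {"/dns-query", "/resolve"}          # RFC 8484 wire format and JSON API paths
DEAD_DROP_HOST = "api.mapbox.com"
DEAD_DROP_PATH = "/datasets"                    # Mapbox Datasets API
BROWSERS = {"chrome", "firefox", "msedge", "safari", "brave"}

# Constructed log lines. lab-01 shows the full chain, lab-03 only the fetch,
# lab-04 only DoH from a script; lab-02 and the browser line are benign noise.
SAMPLE_LOG = """\
2024-05-02T10:01:03Z lab-01 firefox GET https://cloudflare-dns.com/dns-query?name=example.org&type=A
2024-05-02T10:04:11Z lab-01 python3 GET https://cloudflare-dns.com/dns-query?name=api.mapbox.com&type=A
2024-05-02T10:04:12Z lab-01 python3 GET https://api.mapbox.com/datasets/v1/someuser/abc123/features?access_token=REDACTED
2024-05-02T10:09:40Z lab-02 python3 GET https://pypi.org/simple/requests/
2024-05-02T10:12:05Z lab-03 node GET https://api.mapbox.com/datasets/v1/someuser/abc123
2024-05-02T10:15:30Z lab-04 python3 POST https://dns.alidns.com/dns-query
"""


def parse_line(line):
    ts, host, proc, method, url = line.split(maxsplit=4)
    u = urlsplit(url)
    return {"ts": ts, "host": host, "proc": proc.lower(), "method": method,
            "dest": (u.hostname or "").lower(), "path": u.path, "query": u.query}


def is_doh_lookup(ev):
    return ev["dest"] in DOH_RESOLVERS and ev["path"] in DOH_PATHS


def is_dead_drop_fetch(ev):
    return ev["dest"] == DEAD_DROP_HOST and ev["path"].startswith(DEAD_DROP_PATH)


def hunt(log_text):
    """Return (host, process, verdict, timestamp) tuples, one per suspicious process."""
    by_proc = defaultdict(list)                 # (host, process) -> events in log order
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            by_proc[(ev["host"], ev["proc"])].append(ev)

    findings = []
    for (host, proc), events in by_proc.items():
        if proc in BROWSERS:
            continue                            # browsers use DoH and embed Mapbox maps legitimately
        # First DoH query that names the dead-drop host. Only the JSON API (?name=)
        # exposes the name; wire-format POSTs do not, so this rule can miss.
        doh_idx = next((i for i, e in enumerate(events)
                        if is_doh_lookup(e) and DEAD_DROP_HOST in e["query"]), None)
        fetches = [(i, e) for i, e in enumerate(events) if is_dead_drop_fetch(e)]
        if doh_idx is not None and any(i > doh_idx for i, _ in fetches):
            findings.append((host, proc,
                             "dead-drop chain: DoH lookup of api.mapbox.com followed by Datasets API fetch",
                             events[doh_idx]["ts"]))
        elif fetches:
            findings.append((host, proc, "non-browser process reading Mapbox Datasets API",
                             fetches[0][1]["ts"]))
        elif any(is_doh_lookup(e) for e in events):
            findings.append((host, proc, "non-browser process using DNS-over-HTTPS resolver",
                             events[0]["ts"]))
    return sorted(findings)


if __name__ == "__main__":
    for host, proc, verdict, ts in hunt(SAMPLE_LOG):
        print(f"{ts} {host} {proc}: {verdict}")
```

The strongest verdict needs the looked-up name, which is only visible when the malware uses a resolver's JSON API over GET or when the proxy decrypts TLS; with wire-format DoH the two weaker rules still fire, and a script process contacting a DoH resolver at all is worth a look on a research host where nothing else should be doing that.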
Once connected, the resulting Python RAT can run shell commands, execute additional Python code, browse and steal files, harvest saved browser data, and gather basic system details such as network configuration and running processes.
Sekoia also found that the RAT includes a delay command that pauses activity, letting operators avoid detection during quiet periods between campaigns.
Some strings inside the malware appear in Spanish, hinting at the developer’s background even though the targeting itself spans a broad, international pool of researchers.
The report recommends that anyone downloading proof-of-concept code review it carefully before execution, avoid installing packages from unfamiliar or newly created repositories, and treat unexpected native extensions with suspicion.
Running suspicious exploit code inside an isolated sandbox rather than a primary research machine is also advised, since it limits what an attacker can reach if the code turns out to be malicious.
Because the campaign leans on trust within the open research community, ongoing vigilance and cross-checking of PoC sources remain the most practical defense available right now.
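Most of those recommendations, and the requirements.txt trick described at the top of this article, can be checked mechanically before anything is executed. The script below is an added example and not code from Sekoia or from the campaign: it parses a PoC checkout's requirements.txt, compares the declared packages with what the exploit code actually imports, and lists any native extensions (.so/.pyd) shipped alongside what should be pure-Python code. The sample checkout it builds in a temporary directory is constructed; skytext and gradient.so are names from the IoC table, everything else is made up.

```python
"""Pre-execution triage of a proof-of-concept checkout.

Added example, not code from Sekoia's report or from the campaign. It
automates three of the report's recommendations: flag requirements.txt
entries the exploit never imports, list native extensions shipped with what
should be pure-Python code, and show the imports for review. The sample tree
is constructed inline: 'skytext' and 'gradient.so' are names from the IoC
table, everything else is made up.
"""
import ast
import re
import tempfile
from pathlib import Path

NATIVE_EXT = {".so", ".pyd", ".dll", ".dylib"}
REQ_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")

# Distribution name and import name differ for many packages. This table is
# deliberately short; anything it does not cover is reported for manual review.
IMPORT_ALIASES = {"pwntools": "pwn", "pyyaml": "yaml", "beautifulsoup4": "bs4",
                  "pillow": "pil", "python-dateutil": "dateutil"}


def normalise(name):
    return name.lower().replace("_", "-")


def parse_requirements(text):
    """Return the set of distribution names listed in a requirements file."""
    names = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):    # skip -r, -e, --index-url options
            continue
        m = REQ_NAME.match(line)                # name stops at [extras], ==, >=, ;
        if m:
            names.add(normalise(m.group(1)))
    return names


def imported_top_level(py_source):
    """Top-level module names imported by a Python source file."""
    mods = set()
    try:
        tree = ast.parse(py_source)
    except SyntaxError:
        return mods                             # unparsable file: nothing to learn here
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            mods.update(a.name.split(".")[0].lower() for a in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module and node.level == 0:
            mods.add(node.module.split(".")[0].lower())
    return mods


def audit_poc_checkout(root):
    root = Path(root)
    imports, native = set(), []
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        if path.suffix.lower() in NATIVE_EXT:
            native.append(path.relative_to(root).as_posix())
        elif path.suffix == ".py":
            imports |= imported_top_level(path.read_text(errors="replace"))
    unused = set()
    req = root / "requirements.txt"
    if req.is_file():
        for dist in parse_requirements(req.read_text()):
            candidates = {dist, dist.replace("-", "_"), IMPORT_ALIASES.get(dist)}
            if not candidates & imports:        # declared but never imported
                unused.add(dist)
    return {"imports": imports, "native_extensions": native, "unused_requirements": unused}


# Constructed sample modelled on a tampered PoC: one dependency nobody imports.
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements.txt
requests>=2.31
pwntools
skytext==0.1.3
"""

SAMPLE_EXPLOIT = """\
import sys
import requests
from pwn import *

def main():
    pass
"""


def build_sample_checkout():
    """Create a throwaway PoC directory for the audit to run against."""
    root = Path(tempfile.mkdtemp(prefix="poc-triage-"))
    (root / "requirements.txt").write_text(SAMPLE_REQUIREMENTS)
    (root / "exploit.py").write_text(SAMPLE_EXPLOIT)
    # stand-in bytes only, not a real ELF shared object
    (root / "gradient.so").write_bytes(b"\x7fELF" + b"\x00" * 12)
    return root


if __name__ == "__main__":
    report = audit_poc_checkout(build_sample_checkout())
    for key, value in report.items():
        print(f"{key}: {sorted(value)}")
```

A flagged requirement is a prompt for manual review, not proof of malice: the alias table covers only a handful of packages whose import name differs from their distribution name, and a legitimate PoC may well ship a compiled helper. The point is that an unexplained extra package, or a .so/.pyd nobody mentioned in the README, is exactly the thing the report says to stop and look at before running the code outside a sandbox.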
Indicators of Compromise (IoCs):
| Type | Indicator | Description |
|---|---|---|
| Domain | api.mapbox[.]com | Abused legitimate Mapbox API used as dead-drop C2 channel |
| Domain | dns.alidns[.]com | DNS-over-HTTPS resolver used to resolve C2 domain covertly |
| Domain | cloudflare-dns[.]com | DNS-over-HTTPS resolver used to resolve C2 domain covertly |
| File Name | gradient.so / gradient.pyd | Malicious native Python extension implant loaded via PyInit_gradient |
| File Name | choco.py | ChocoPoC downloader script that fetches the Python RAT |
| PyPI Package | skytext | Malicious PyPI package used to distribute the trojanised dependency |
| File Name | EXPLOIT_POC.py / exploit.py / exploit_poc.py | Lure exploit filenames targeted by the hashing routine |
| Email Account | leechuung@mail.com | Compromised account used to publish malicious PyPI packages |
| Email Account | faberhung@mail.com | Compromised account used to publish malicious PyPI packages |
| URL | hxxps://api.mapbox[.]com/datasets | Endpoint queried to retrieve dead-drop C2 instructions |
Note: domains and URLs above are intentionally defanged (e.g., [.] and hxxps) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.