A reported campaign called ChocoPoC turns the normal rush for fresh exploit code into an infection path, using fake GitHub PoC repositories to deliver a Python RAT and target browser-stored secrets.