A malicious Python package named soopsocks was found on PyPI. It is disguised as a SOCKS5 proxy but carries hidden backdoor functionality targeting Windows systems: it exfiltrates data via a Discord webhook and installs persistent backdoors, raising concerns about software supply chain security. #PyPI #soopsocks #DiscordWebhook
Key points
- The soopsocks package was downloaded over 2,650 times before being removed from PyPI.
- It masquerades as a SOCKS5 proxy but performs malicious activities including reconnaissance and privilege escalation.
- The backdoor includes running PowerShell scripts, configuring firewall rules, and establishing persistence through scheduled tasks.
- The executable component is compiled in Go and communicates with a Discord webhook to exfiltrate data.
- Security measures like Socket Firewall are now available to block such malicious packages during installation.
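As an added, defender-side example that is not from the report or from the package itself: a small static triage script that flags, in an installed package's source files, the behaviours the bullets above describe (Discord webhook exfiltration, hidden PowerShell execution, firewall changes, scheduled-task persistence). The indicator regexes and the sample package it scans are constructed assumptions, not indicators taken from soopsocks.

```python
"""Static triage of a Python package directory for the behaviours described
above. Patterns and sample files are constructed for illustration."""
import re
from pathlib import Path
from tempfile import TemporaryDirectory

# Assumed patterns for how such behaviour typically appears in source text.
INDICATORS = {
    "discord_webhook": re.compile(r"discord(?:app)?\.com/api/webhooks/", re.I),
    "hidden_powershell": re.compile(
        r"powershell(?:\.exe)?[^\n]*?(?:-enc\w*|-w(?:indowstyle)?[^\w-]+hidden"
        r"|-e(?:p|xecutionpolicy)[^\w-]+bypass)", re.I),
    "firewall_rule": re.compile(r"netsh\s+advfirewall|New-NetFirewallRule", re.I),
    "scheduled_task": re.compile(r"schtasks(?:\.exe)?\s+/create|Register-ScheduledTask", re.I),
}

def scan_file(path: Path) -> set:
    text = path.read_text(errors="replace")
    return {name for name, rx in INDICATORS.items() if rx.search(text)}

def scan_package(root: Path) -> dict:
    """Map each script file (path relative to root) to the indicators it triggers."""
    findings = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix in {".py", ".ps1", ".bat"}:
            hits = scan_file(p)
            if hits:
                findings[p.relative_to(root).as_posix()] = sorted(hits)
    return findings

def verdict(findings: dict) -> str:
    """An exfil channel plus any persistence/privilege tooling is enough to block."""
    distinct = {i for hits in findings.values() for i in hits}
    if "discord_webhook" in distinct and len(distinct) >= 2:
        return "block"
    return "review" if distinct else "clean"

SAMPLE_FILES = {  # constructed: a SOCKS-looking front module plus a hidden bootstrap
    "socks5/__init__.py": "import socket\n\ndef serve(port=1080):\n    return socket.socket()\n",
    "socks5/_bootstrap.py": (
        "import subprocess\n"
        "WEBHOOK = 'https://discord.com/api/webhooks/EXAMPLE'\n"
        "subprocess.run(['powershell.exe', '-w', 'hidden', '-ep', 'bypass', '-f', 'x.ps1'])\n"
        "subprocess.run('schtasks /create /tn Updater /tr x.exe /sc onlogon')\n"
    ),
}

def demo() -> tuple:
    """Write the constructed sample to a temp dir, scan it, return (findings, verdict)."""
    with TemporaryDirectory() as tmp:
        for rel, body in SAMPLE_FILES.items():
            f = Path(tmp, rel); f.parent.mkdir(parents=True, exist_ok=True); f.write_text(body)
        findings = scan_package(Path(tmp))
        return findings, verdict(findings)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `scan_package` at a site-packages subdirectory to triage a package that is already installed; a hit is a lead for manual review, not proof of malice on its own.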
Read More: https://thehackernews.com/2025/10/alert-malicious-pypi-package-soopsocks.html