Malicious PyPI Package soopsocks Infects 2,653 Systems
Summary
A malicious package named soopsocks was uploaded to the Python Package Index (PyPI) repository. The package, which claimed to offer SOCKS5 proxy capabilities, was downloaded 2,653 times before being taken down. It included backdoor functionality to drop additional payloads on Windows systems. The package was uploaded by a user named 'soodalpie' on September 26, 2025. The package executed various malicious activities, including system reconnaissance, firewall rule configuration, and persistence mechanisms.
Timeline
- 02.10.2025 16:07 (1 article): Malicious PyPI Package soopsocks Infects 2,653 Systems
  On September 26, 2025, a malicious package named soopsocks was uploaded to the Python Package Index (PyPI) repository. The package, which claimed to offer SOCKS5 proxy capabilities, was downloaded 2,653 times before being taken down. It included backdoor functionality to drop additional payloads on Windows systems. The package executed various malicious activities, including system reconnaissance, firewall rule configuration, and persistence mechanisms.
  - Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown — thehackernews.com — 02.10.2025 16:07
Information Snippets
- The soopsocks package was uploaded to PyPI on September 26, 2025, by a user named 'soodalpie'.
  First reported: 02.10.2025 16:07 (1 source, 1 article)
  - Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown — thehackernews.com — 02.10.2025 16:07
- The package was downloaded 2,653 times before being taken down.
  First reported: 02.10.2025 16:07 (1 source, 1 article)
  - Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown — thehackernews.com — 02.10.2025 16:07
- The package included an executable (_AUTORUN.EXE) that performed system reconnaissance and exfiltrated information to a Discord webhook.
  First reported: 02.10.2025 16:07 (1 source, 1 article)
  - Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown — thehackernews.com — 02.10.2025 16:07
- The package used VBScript or an executable version to install itself and run PowerShell scripts.
  First reported: 02.10.2025 16:07 (1 source, 1 article)
  - Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown — thehackernews.com — 02.10.2025 16:07
- The package configured firewall rules, elevated permissions, and set up persistence on the host.
  First reported: 02.10.2025 16:07 (1 source, 1 article)
  - Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown — thehackernews.com — 02.10.2025 16:07
- The package maintained communication with a Discord webhook and set up a scheduled task to ensure it started upon system reboot.
  First reported: 02.10.2025 16:07 (1 source, 1 article)
  - Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown — thehackernews.com — 02.10.2025 16:07
- The package was designed to drop additional payloads on Windows systems.
  First reported: 02.10.2025 16:07 (1 source, 1 article)
  - Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown — thehackernews.com — 02.10.2025 16:07
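
A defender-side check for the details reported above, added here as an example and not taken from the report or its sources: it audits the distributions installed in a Python environment for the soopsocks name, the _AUTORUN.EXE file, and bundled executables or scripts. The function names, the list of extensions to review, and the sample records are assumptions made for this example.

```python
"""Audit installed Python distributions for soopsocks and bundled executables."""
from importlib import metadata
from pathlib import PurePosixPath
import re

BLOCKED_NAMES = {"soopsocks"}             # package name given in the report
FLAGGED_FILES = {"_autorun.exe"}          # executable named in the report
REVIEW_EXTS = {".exe", ".vbs", ".ps1"}    # assumption: file types worth a manual look

def normalize(name):
    """PEP 503 normalization, so 'SoopSocks' and 'soopsocks' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit(records):
    """records: iterable of (dist_name, [relative paths]); returns findings."""
    findings = []
    for name, files in records:
        if normalize(name) in BLOCKED_NAMES:
            findings.append((name, "blocked-package", None))
        for f in files:
            p = PurePosixPath(str(f).replace("\\", "/"))
            if p.name.lower() in FLAGGED_FILES:
                findings.append((name, "reported-executable", str(p)))
            elif p.suffix.lower() in REVIEW_EXTS:
                findings.append((name, "bundled-executable-or-script", str(p)))
    return findings

def installed_records():
    """Yield (name, files) for every distribution in the current environment."""
    for dist in metadata.distributions():
        name = dist.metadata.get("Name") or "<unknown>"
        yield name, [str(f) for f in (dist.files or [])]

# Constructed sample records for illustration (not a real file listing).
SAMPLE = [
    ("requests", ["requests/__init__.py", "requests/api.py"]),
    ("SoopSocks", ["soopsocks/__init__.py", "soopsocks/_AUTORUN.EXE"]),
    ("sometool", ["sometool/helper.vbs"]),
]

if __name__ == "__main__":
    for finding in audit(installed_records()):
        print(finding)
```

Some legitimate packages ship launcher executables, so a "bundled-executable-or-script" finding is a prompt for review, while a "blocked-package" or "reported-executable" finding matches the report directly.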