Malware Mischief: Malicious Python Package Soopsocks Shocks with Stealthy Backdoor
The soopsocks PyPI package promised SOCKS5 proxy magic but delivered a stealthy backdoor performance worthy of a cyber thriller. With 2,653 downloads before its dramatic exit, it installed itself as a Windows service, changed firewall settings, and relayed secrets to a Discord webhook. Talk about being the worst house guest ever!

Hot Take:
Oh, PyPI, your name sounds like a delightful dessert, but your soopsocks package is more like a spicy jalapeño in an unsuspecting chocolate truffle. It’s a classic case of “I came for the SOCKS5 proxy, but all I got was this lousy backdoor.” Maybe it’s time for cyber villains to knock it off with the sneaky backdoor tactics and stick to knitting socks—actual socks, not the network kind.

Key Points:
- Malicious PyPI package soopsocks offered SOCKS5 proxy while secretly acting as a backdoor.
- 2,653 downloads before being taken down; uploaded by user “soodalpie” on September 26, 2025.
- Package executed PowerShell scripts, altered firewall settings, and relayed data to Discord.
- GitHub responds to software supply chain attacks with changes to npm token lifetimes.
- Socket Firewall introduced by Socket to block malicious packages in various coding ecosystems.