Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems.
The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down. It was first uploaded by a user named “soodalpie” on September 26, 2025, the same date the account was created.
“While providing this capability, it exhibits behavior as a backdoor proxy server targeting Windows platforms, using automated installation processes via VBScript or an executable version,” JFrog said in an analysis.
The executable (“_AUTORUN.EXE”) is a compiled Go file that, besides including a SOCKS5 implementation as advertised, is also designed to run PowerShell scripts, set firewall rules, and relaunch itself with elevated permissions. It also carries out basic system and network reconnaissance, including Internet Explorer security settings and Windows installation date, and exfiltrates the information to a hard-coded Discord webhook.
“_AUTORUN.VBS,” the Visual Basic Script launched by the Python package in versions 0.2.5 and 0.2.6, is also capable of running a PowerShell script, which then downloads a ZIP file containing the legitimate Python binary from an external domain (“install.soop[.]space:6969”) and generates a batch script that’s configured to install the package using the “pip install” command and run it.
The PowerShell script then invokes the batch script, causing the Python package to be executed, which, in turn, elevates itself to run with administrative privileges (if not already), configure firewall rules to allow UDP and TCP communication via port 1080, install as a service, maintain communication with a Discord webhook, and set up persistence on the host using a scheduled task to make sure it automatically starts upon a system reboot.
“soopsocks is a well-designed SOCKS5 proxy with full bootstrap Windows support,” JFrog said. “However, given the way it performs and actions it takes during runtime, it shows signs of malicious activity, such as firewall rules, elevated permissions, various PowerShell commands, and the transfer from simple, configurable Python scripts to a Go executable with hardcoded parameters, version with reconnaissance capabilities to a predetermined Discord webhook.”
The disclosure comes as npm package maintainers have raised concerns related to a lack of native 2FA workflows for CI/CD, self-hosted workflow support for trusted publishing, and token management following sweeping changes introduced by GitHub in response to a growing wave of software supply chain attacks, Socket said.
Earlier this week, GitHub said it will shortly revoke all legacy tokens for npm publishers and that all granular access tokens for npm will have a default expiration of seven days (down from 30 days) and a maximum expiration of 90 days, which used to be unlimited previously.
“Long-lived tokens are a primary vector for supply chain attacks. When tokens are compromised, shorter lifetimes limit the window of exposure and reduce potential damage,” it said. “This change brings npm in line with security best practices already adopted across the industry.”
It also comes as the software supply chain security firm released a free tool called Socket Firewall that blocks malicious packages at install time across npm, Python, and Rust ecosystems, giving developers the ability to safeguard their environments against potential threats.
“Socket Firewall isn’t limited to protecting you from problematic top-level dependencies. It will also prevent the package manager from fetching any transitive dependency that is known to be malicious,” the company added.
