Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems.

The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down. It was first uploaded by a user named " soodalpie " on September 26, 2025, the same date the account was created.

"While providing this capability, it exhibits behavior as a backdoor proxy server targeting Windows platforms, using automated installation processes via VBScript or an executable version," JFrog said in an analysis.

The executable ("_AUTORUN.EXE") is a compiled Go file that, besides inclu

See Full Page