SoopSocks PyPI Package Installs Windows Backdoor

Cyber Security News by CyberSum.net

Published on October 1, 2025 at 06:04 PM

3 sources

A malicious PyPI package named SoopSocks has been found to install a persistent backdoor on Windows systems while masquerading as a SOCKS5 proxy tool. The package uses multiple techniques to ensure it remains active, including creating a Windows service, setting up a scheduled task, and bypassing UAC. It automatically configures firewall rules to open a port, effectively turning the compromised machine into an open proxy for attackers. In addition to relaying traffic, SoopSocks continuously collects and exfiltrates network reconnaissance data to a hardcoded Discord webhook. This discovery highlights the ongoing threat of supply chain attacks where seemingly useful tools conceal dangerous backdoors.

Also Read

Google Gemini Flaws Allowed AI-Powered Data Theft

Researchers have disclosed three now-patched vulnerabilities in Google's Gemini AI assistant that could have enabled data theft and privacy breaches. Dubbed the "Gemini Trifecta," the flaws allowed attackers to use indirect prompt injection to steal sensitive user information, including saved data and location. The vulnerabilities affected Gemini Cloud Assist, its Search Personalization Model, and its Browsing Tool. Attackers could inject malicious instructions into logs or a user's search history, which Gemini would later execute. These commands could then force the AI's browsing tool to exfiltrate the stolen data to an attacker-controlled server, demonstrating how AI systems themselves can become attack vectors.

By Cyber Security News by CyberSum.netOctober 1, 2025 at 06:04 PM