Skip to content

MALICIOUS (1) campaign cataloged at 2025-09-26(2).

  1. The campaign has clearly malicious intent, like infostealers.
  2. This is just the date of creating the catalog entry. It may not reflect the date of creation of the campaign itself.

2025-09-soopsocks

The package promise creating a SOCKS proxy and report the server to a Discord webhook. And indeed appears to do so, but the attached autorun service seems to be a malware

Abuse categories

malware

Campaign uses malware.

References

Referenced resources may include blog posts about the campaign, malware analysis, sandbox reports, or other relevant information.

URLs with payloads, characteristic domains, C&C IPs, repositories with malicious code, etc.

  • hxxps://discord.com/api/webhooks/1418298773330985154/_I7EzXpGMundYt8jCvlDdzi9INsBkBq7NSDM74iV0Y_flSzQZ5LxYP0lZtXFzHCkRtKR

  • hxxp://install.soop.space:6969/download/py/pythonportable.zip

  • hxxp://install.soop.space

  • soop.space

Packages in the campaign

campaign:2025-09-soopsocks