- Two malicious PyPI packages, spellcheckerpy and spellcheckpy, contained a hidden downloader that installs a Python RAT and were downloaded about 1,000 times.
- The payload was embedded in a compressed dictionary file and activated on import in version 1.2.0 released January 21, 2026.
- The downloader fetches a RAT from “updatenet[.]work”, tied to IP 172.86.73[.]139 and Hosting provider RouterHosting LLC (aka Cloudzy), which has a known history of misuse.
- Security firms link this campaign to earlier fake spellchecker packages and to separate malicious npm packages used for credential theft and targeted phishing.
Aikido researchers reported that two packages on PyPI, spellcheckerpy and spellcheckpy, contained code to deliver a remote access trojan and were pulled after roughly 1,000 total downloads. According to Aikido researcher Charlie Eriksen, the payload was hidden inside a Basque dictionary file and later executed on import.
The malicious data lived in a file named “resources/eu.json.gz” and used Basque word frequencies copied from the legitimate pyspellchecker package. Extraction via test_file(“eu”, “utf-8”, “spellchecker”) caused the package to fetch a Base64-encoded downloader stored under the key “spellchecker.”
Early releases contained the payload but did not run it; that changed with spellcheckpy version 1.2.0, published on January 21, 2026, which added an obfuscated execution trigger. “Hidden inside the Basque language dictionary file was a base64-encoded payload that downloads a full-featured Python RAT,” the researcher noted in the disclosure.
The downloader reaches out to an external domain (“updatenet[.]work”) to obtain a Python RAT that can fingerprint hosts, parse commands, and execute them. The domain resolves to 172.86.73[.]139, managed by RouterHosting LLC (aka Cloudzy), which has a documented history of servicing nation-state linked activity.
This incident follows a November 2025 detection of a similar fake package by HelixGuard, suggesting a common actor. Researchers also flagged multiple malicious npm packages used for targeted phishing and data theft; see Aikido’s reports on the npm supply-chain phishing campaign and the G_Wagon stealer for details (phishing list, Malware-g-wagon-python-stealer-crypto-wallets”>G_Wagon report).
Aikido additionally warned about slopsquatting and AI agents inventing packages. In one example, a fictitious npm package spread to many repositories via agent “skill” files; as Eriksen put it, “Skills are the new code. They don’t look like it. They’re Markdown and YAML and friendly instructions. But they’re executable.” See Aikido’s analysis on agent skills for more context (agent skills).
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Three January mega-trade deals exclude the United States Now
- Ethereum Tops $3,000; Altcoins Surge as $300M Liquidated Now
- Bitcoin Eyes $90K Break as Fed Holds Rates; $65.5K Risk Now!
- OCC Grants Conditional Trust Charter Approval to Ripple XRP.
- CEOs, Tech Leaders Condemn Trump’s Immigration Crackdown Now
