BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

PyPI Spellchecker Packages Delivered Python RAT via Payload

Two PyPI packages hid a Base64 downloader in a compressed Basque dictionary, delivering a Python RAT to ~1,000 users via updatenet.work (RouterHosting/Cloudzy).

  • Two malicious PyPI packages, spellcheckerpy and spellcheckpy, contained a hidden downloader that installs a Python RAT and were downloaded about 1,000 times.
  • The payload was embedded in a compressed dictionary file and activated on import in version 1.2.0 released January 21, 2026.
  • The downloader fetches a RAT from “updatenet[.]work”, tied to IP 172.86.73[.]139 and Hosting provider RouterHosting LLC (aka Cloudzy), which has a known history of misuse.
  • Security firms link this campaign to earlier fake spellchecker packages and to separate malicious npm packages used for credential theft and targeted phishing.

Aikido researchers reported that two packages on PyPI, spellcheckerpy and spellcheckpy, contained code to deliver a remote access trojan and were pulled after roughly 1,000 total downloads. According to Aikido researcher Charlie Eriksen, the payload was hidden inside a Basque dictionary file and later executed on import.

- Advertisement -

The malicious data lived in a file named “resources/eu.json.gz” and used Basque word frequencies copied from the legitimate pyspellchecker package. Extraction via test_file(“eu”, “utf-8”, “spellchecker”) caused the package to fetch a Base64-encoded downloader stored under the key “spellchecker.”

Early releases contained the payload but did not run it; that changed with spellcheckpy version 1.2.0, published on January 21, 2026, which added an obfuscated execution trigger. “Hidden inside the Basque language dictionary file was a base64-encoded payload that downloads a full-featured Python RAT,” the researcher noted in the disclosure.

The downloader reaches out to an external domain (“updatenet[.]work”) to obtain a Python RAT that can fingerprint hosts, parse commands, and execute them. The domain resolves to 172.86.73[.]139, managed by RouterHosting LLC (aka Cloudzy), which has a documented history of servicing nation-state linked activity.

This incident follows a November 2025 detection of a similar fake package by HelixGuard, suggesting a common actor. Researchers also flagged multiple malicious npm packages used for targeted phishing and data theft; see Aikido’s reports on the npm supply-chain phishing campaign and the G_Wagon stealer for details (phishing list, Malware-g-wagon-python-stealer-crypto-wallets”>G_Wagon report).

- Advertisement -

Aikido additionally warned about slopsquatting and AI agents inventing packages. In one example, a fictitious npm package spread to many repositories via agent “skill” files; as Eriksen put it, “Skills are the new code. They don’t look like it. They’re Markdown and YAML and friendly instructions. But they’re executable.” See Aikido’s analysis on agent skills for more context (agent skills).

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

WordPress core hit by zero-click RCE bug, patch now live

WordPress patched a pre-authentication remote code execution flaw in versions 6.9.5 and 7.0.2 on...

ECB: Stablecoin growth puts European bank deposits at risk

ECB board member Piero Cipollone warned Friday that stablecoin growth could strip European banks...

Tesla Launches Megacharger Network with Bloomington Station

Tesla opened a new public Megacharger station in Bloomington, California, calling it the start...

Apple Overtakes Nvidia as World’s Most Valuable Public Company

Apple briefly surpassed NVIDIA as the world’s most valuable publicly traded company, hitting an...

Galaxy Digital buys naming rights to Texas Tech stadium in 15-year deal

Galaxy Digital signed a 15-year naming rights deal with Texas Tech, renaming the football...

Must Read

Crypto in New York: The 2026 Guide to Legal Exchanges and BitLicense Regulations

TL;DR: Trading crypto in New York is legal but heavily regulated by the New York Department of Financial Services (NYDFS). Platforms must hold a BitLicense...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading