Full Report
Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access trojan (RAT). The packages, named spellcheckerpy and spellcheckpy, are no longer available for download, but not before they were collectively downloaded a little over 1,000 times. "Hidden inside the
Analysis Summary
# Tool/Technique: Spellcheckerpy and Spellcheckpy Packages (Python RAT Delivery)
## Overview
Two malicious Python packages, `spellcheckerpy` and `spellcheckpy`, discovered on the Python Package Index (PyPI), were disguised as legitimate spell-checking utilities. Their primary malicious function was to retrieve and execute a full-featured Remote Access Trojan (RAT) on compromised systems upon import.
## Technical Details
- Type: Malware (RAT Delivery Mechanism/Supply Chain Compromise)
- Platform: Python environments (likely Windows, Linux, macOS given PyPI distribution)
- Capabilities: Supply chain poisoning, payload download/execution, establishment of remote access.
- First Seen: January 2026 (Publication date of the discovery article)
## MITRE ATT&CK Mapping
- T1195 - Supply Chain Compromise
- T1195.005 - Compromise Software Dependencies
- T1059 - Command and Scripting Interpreter
- T1059.006 - Python
- T1071 - Application Layer Protocol
- T1071.001 - Web Protocols (for C2 communication)
- TA0011 - Command and Control
- T1070 - Execution (of downloaded payload)
## Functionality
### Core Capabilities
- **Masquerading:** Posing as benign spellchecker packages (`spellcheckerpy`, `spellcheckpy`).
- **Payload Staging:** Hiding a Base64-encoded downloader within dictionary files (specifically `resources/eu.json.gz` under the "spellchecker" key).
- **Trigger Mechanism:** Execution is triggered when the `test_file("eu", "utf-8", "spellchecker")` function runs, typically when the package is imported (`SpellChecker`).
- **Initial Infection:** Uses a downloader to retrieve a full-featured Python RAT from an external domain.
- **Dormant Period:** Initial versions only fetched and decoded the payload without executing it; execution was enabled in version 1.2.0.
### Advanced Features
- **Host Fingerprinting:** The deployed RAT is capable of fingerprinting the compromised host.
- **Remote Command Execution:** The RAT can parse and execute commands received from the Command and Control (C2) server.
- **Obfuscation:** The execution trigger in later versions was obfuscated.
## Indicators of Compromise
- File Hashes: N/A (Packages removed)
- File Names: `spellcheckerpy`, `spellcheckpy`
- Registry Keys: N/A
- Network Indicators:
  - C2 Domain: `updatenet[.]work`
  - Associated IP: `172.86.73[.]139` (Associated with RouterHosting LLC/Cloudzy)
- Behavioral Indicators:
  - Attempting to extract/decode content from Basque language dictionary files (`resources/eu.json.gz`).
  - Execution upon importing the package.
  - Outbound connections to `updatenet[.]work` post-import.
## Associated Threat Actors
- The threat actor behind this campaign is suspected to be the same entity responsible for a previous malicious PyPI spell-checking package discovered in November 2025 (`spellcheckers`). No official group naming was provided in the context.
## Detection Methods
- **Signature-based detection:** Detecting the known package names (`spellcheckerpy`, `spellcheckpy`) or specific network indicators.
- **Behavioral detection:** Monitoring Python scripts for suspicious file operations within library resources or execution flows originating from standard library imports, especially those leveraging dictionary file parsing to run code.
- **YARA rules:** Potentially creating rules targeting the known structure of the Base64-encoded payload within the dictionary archive structure.
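The following is an added example written for this summary, not code from the packages or from any published analysis of them. It illustrates both the staging pattern described under Payload Staging (a Base64 blob stored under a non-word key in a gzipped JSON dictionary) and the behavioral/structural check a triage script can make: load a dictionary of the `resources/eu.json.gz` shape, flag every entry that is not a word-to-count pair, and Base64-decode string values to look for downloader-like tokens. The Basque sample words, the token list, the `STAGE2_PLACEHOLDER` stub text and the `spellchecker` key value are all constructed here; the stub is never executed.

```python
import base64
import binascii
import gzip
import io
import json
import re
from typing import Any, Dict, List, Optional

# Tokens that have no place in a word-frequency dictionary but are typical of
# a Python downloader stub.  A heuristic triage list, not a signature.
SUSPICIOUS_TOKENS = (
    "import ", "__import__", "exec(", "eval(", "compile(",
    "urlopen", "requests.", "socket", "subprocess", "b64decode",
)

# A real dictionary value is a word count; a long Base64 blob is not.
B64_RE = re.compile(r"^[A-Za-z0-9+/=\s]{40,}$")


def try_base64(value: str) -> Optional[bytes]:
    """Decode value if it is well-formed Base64 of payload-sized length, else None."""
    if not B64_RE.match(value):
        return None
    try:
        return base64.b64decode("".join(value.split()), validate=True)
    except (binascii.Error, ValueError):
        return None


def suspicious_tokens(text: str) -> List[str]:
    """Return the downloader-like tokens that appear in decoded text."""
    return [tok for tok in SUSPICIOUS_TOKENS if tok in text]


def scan_dictionary(gz_bytes: bytes) -> List[Dict[str, Any]]:
    """Load a gzipped JSON word list and report every entry that is not word -> count.

    String values are additionally Base64-decoded and checked for code-like
    tokens, which is the staging pattern the report describes.
    """
    with gzip.GzipFile(fileobj=io.BytesIO(gz_bytes)) as fh:
        data = json.load(fh)
    findings: List[Dict[str, Any]] = []
    for key, value in data.items():
        if isinstance(value, int) and not isinstance(value, bool):
            continue  # word -> frequency, the only shape a dictionary should hold
        finding: Dict[str, Any] = {"key": key, "type": type(value).__name__, "tokens": []}
        if isinstance(value, str):
            decoded = try_base64(value)
            if decoded is not None:
                text = decoded.decode("utf-8", errors="replace")
                finding["tokens"] = suspicious_tokens(text)
                finding["preview"] = text[:80]
        findings.append(finding)
    return findings


def build_sample(poisoned: bool) -> bytes:
    """Constructed stand-in for resources/eu.json.gz; not the real package file."""
    words: Dict[str, Any] = {"kaixo": 120, "eskerrik": 80, "asko": 95}
    if poisoned:
        # Harmless placeholder text shaped like a stager; it is only data here.
        stub = "import urllib.request, base64\nexec(base64.b64decode(STAGE2_PLACEHOLDER))\n"
        words["spellchecker"] = base64.b64encode(stub.encode()).decode()
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb") as fh:
        fh.write(json.dumps(words).encode())
    return buf.getvalue()


if __name__ == "__main__":
    for label, poisoned in (("clean", False), ("poisoned", True)):
        print(label, scan_dictionary(build_sample(poisoned)))
```

The clean sample yields no findings; the poisoned one reports the `spellchecker` key with `import `, `exec(` and `b64decode` in its decoded text. The same walk can be pointed at every `*.json.gz` under a wheel's `resources/` directory before the package is installed, which is where a dependency-scanning step would run it.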
## Mitigation Strategies
- **Dependency Scanning:** Rigorous security scanning of all third-party dependencies before integration.
- **Supply Chain Security:** Utilizing private repositories or vetting packages extensively, especially those with rapidly changing versions or little history.
- **Principle of Least Privilege:** Restricting the execution environment privileges for code executed from untrusted sources.
- **Monitor Imports:** Monitoring process behavior for unusual execution flows triggered immediately following legitimate library imports.
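As an added example of the "monitor imports" idea (written for this summary, not taken from the packages or any analysis of them): Python 3.8+ exposes `sys.addaudithook`, which sees the interpreter's own `exec`, `compile`, `socket.connect`, `subprocess.Popen`, `os.system` and `urllib.Request` audit events. A normal import does raise `exec` and `compile`, but always for code that came from a file on disk, so the harness below flags only execution of code without a backing file, plus any network or process event, during one controlled import. The two throw-away modules `clean_spell` and `suspicious_spell` are constructed here; the suspicious one reduces the import-time pattern in the report to a harmless `exec("MARKER = 1")`.

```python
import importlib
import os
import sys
import tempfile
import textwrap
import types
from typing import Any, Dict, List

# Events that a plain library import has no reason to produce.
NETWORK_OR_PROCESS_EVENTS = {"socket.connect", "subprocess.Popen", "os.system", "urllib.Request"}

_recording = False
_events: List[Dict[str, Any]] = []


def _audit_hook(event: str, args: tuple) -> None:
    """Record only the events that matter while an import is being observed."""
    if not _recording:
        return
    if event in NETWORK_OR_PROCESS_EVENTS:
        _events.append({"event": event, "detail": repr(args)[:120]})
    elif event == "exec" and args and isinstance(args[0], types.CodeType):
        src = args[0].co_filename
        if not os.path.isfile(src):  # code that did not come from a file
            _events.append({"event": event, "detail": src})
    elif event == "compile" and len(args) > 1:
        name = args[1]
        name = os.fsdecode(name) if isinstance(name, (str, bytes)) else str(name)
        if not os.path.isfile(name):
            _events.append({"event": event, "detail": name})


# Audit hooks cannot be removed once installed, hence the _recording gate.
sys.addaudithook(_audit_hook)


def audit_import(module_name: str, search_dir: str) -> List[Dict[str, Any]]:
    """Import module_name from search_dir and return the flagged audit events."""
    global _recording
    _events.clear()
    sys.modules.pop(module_name, None)
    sys.path.insert(0, search_dir)
    importlib.invalidate_caches()
    _recording = True
    try:
        importlib.import_module(module_name)
    finally:
        _recording = False
        sys.path.remove(search_dir)
    return list(_events)


def write_samples(target_dir: str) -> None:
    """Write two constructed modules; neither is a real PyPI package."""
    clean = '''
        WORDS = {"kaixo": 120, "eskerrik": 80}

        def check(word):
            return word in WORDS
    '''
    # Same module, plus execution of non-file code as a side effect of import.
    suspicious = '''
        WORDS = {"kaixo": 120, "eskerrik": 80}

        def check(word):
            return word in WORDS

        exec("MARKER = 1")
    '''
    for name, body in (("clean_spell", clean), ("suspicious_spell", suspicious)):
        with open(os.path.join(target_dir, name + ".py"), "w", encoding="utf-8") as fh:
            fh.write(textwrap.dedent(body))


def demo() -> Dict[str, List[Dict[str, Any]]]:
    """Observe both constructed modules and return the flagged events for each."""
    work_dir = tempfile.mkdtemp(prefix="import_audit_")
    write_samples(work_dir)
    return {name: audit_import(name, work_dir) for name in ("clean_spell", "suspicious_spell")}


if __name__ == "__main__":
    for name, events in demo().items():
        print(name, "->", events or "nothing flagged")
```

Because the import still runs the module, this belongs in a disposable interpreter (a container or VM with no network) when the module under test is a real suspect, which is also where the least-privilege point above applies. The filter is deliberately narrow: `exec` of a string, `compile` with a made-up filename, or any socket, subprocess or `urllib` activity during import is enough to stop and look, whereas a clean utility produces an empty list.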
## Related Tools/Techniques
- **Similar Poisoning Campaigns:** Malicious package named "spellcheckers" (November 2025).
- **Supply Chain Context:** Mention of npm packages (**flockiali, opresc, prndn, oprnm, operni, ansi-universal-ui**) delivering stealers (G_Wagon) or phishing screens, indicating a broader trend against software repositories.
- **Slopsquatting:** The environment is ripe for slopsquatting, where AI hallucinations lead to fictitious package names being claimed by threat actors.