Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

The Python Package Index has become a lucrative target for threat actors seeking to infiltrate development pipelines. By masquerading as innocuous spell‑checking utilities, the malicious spellcheckerpy and spellcheckpy packages slipped past basic repository checks and leveraged a clever concealment technique: embedding a Base64‑encoded downloader inside a compressed Basque language dictionary. Unlike classic supply‑chain malware that lives in __init__.py, this approach evades static analysis tools that focus on entry‑point scripts, allowing the payload to remain dormant until the specific test_file() function is invoked. Once triggered, the code contacts updatenet.work, a domain tied to Cloudzy—a hosting service with a documented history of serving nation‑state actors—thereby establishing a full‑featured remote‑access trojan on the victim’s machine.

The incident is part of a broader pattern of deceptive packages across ecosystems, echoing the November 2025 spellcheckers attack and recent malicious npm modules that harvest credentials and deploy fake login screens. Researchers also warned about slopsquatting, where AI‑generated package names are fabricated and later weaponized. A fictitious npm package, react‑codeshift, appeared in hundreds of GitHub repositories after a large language model hallucinated it, illustrating how automated code assistants can unintentionally propagate malicious dependencies. This convergence of AI hallucination and supply‑chain abuse amplifies the attack surface, making it harder for developers to trust autogenerated install instructions.

For enterprises and open‑source maintainers, the takeaway is clear: dependency hygiene must evolve beyond simple version checks. Implementing provenance verification, employing automated scanning for hidden resources, and restricting the use of AI‑suggested packages without manual review can mitigate risk. Continuous monitoring of download statistics and rapid response to takedown notices are essential, as is educating developers about the dangers of importing obscure utilities without scrutinizing their source. As the ecosystem grows, a proactive, defense‑in‑depth strategy will be critical to safeguard codebases from increasingly sophisticated supply‑chain threats.