
Malicious Python Spellchecker Packages on PyPI Deliver Remote Access Trojan
Tags: Cybersecurity, Malware, Supply Chain Attacks, Python Security
Aikido Security discovered two malicious PyPI packages, spellcheckpy and spellcheckerpy, which mimicked the legitimate pyspellchecker package. The malware authors hid their payload in the resources/eu.json.gz file, which in the legitimate package holds a Basque word-frequency table, by storing a base64-encoded downloader under the key spellchecker. That downloader then fetched a Python-based Remote Access Trojan (RAT) capable of executing remote commands, reading files, gathering system information, and capturing screenshots. The packages were reported to PyPI and have since been removed.
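As an added defender-side example (not code from Aikido's report or from pyspellchecker), the following scans a package's gzip-compressed JSON resource files for the pattern described above: a word-frequency table in which some key's value is not an integer count but a base64 blob that decodes to Python-like source. The sample Basque entries and the planted benign marker are constructed; only the file name resources/eu.json.gz and the key spellchecker come from the report.

```python
# Added example, not code from the report or from pyspellchecker: scan a package's
# .json.gz resource files for values that are not word-frequency integers and that
# base64-decode to Python-looking source. Sample content is constructed; only the
# file name and the key "spellchecker" come from the report.
import base64, binascii, gzip, json, re, tempfile
from pathlib import Path

PY_MARKERS = re.compile(rb"\b(import|exec|eval|urllib|subprocess|__import__)\b")

def decoded_python_like(value: str) -> bool:
    """True if the string base64-decodes to text containing Python markers."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return False
    return bool(PY_MARKERS.search(raw))

def scan_frequency_file(path: Path) -> list[str]:
    """A legitimate table is {word: count}; flag any key whose value is not an int."""
    with gzip.open(path, "rt", encoding="utf-8") as fh:
        data = json.load(fh)
    findings = []
    for key, value in data.items():
        if isinstance(value, int):
            continue
        reason = "non-integer value"
        if isinstance(value, str) and decoded_python_like(value):
            reason = "base64 blob decoding to Python-like code"
        findings.append(f"{path.name}: key {key!r}: {reason}")
    return findings

def scan_package_resources(root: Path) -> list[str]:
    return [f for p in sorted(root.rglob("*.json.gz")) for f in scan_frequency_file(p)]

def build_sample(root=None) -> Path:
    """Write resources/eu.json.gz with a benign planted blob (constructed data)."""
    root = Path(root or tempfile.mkdtemp())
    res = root / "resources"
    res.mkdir(parents=True, exist_ok=True)
    planted = base64.b64encode(b"# constructed benign marker\nimport sys\n").decode()
    with gzip.open(res / "eu.json.gz", "wt", encoding="utf-8") as fh:
        json.dump({"eta": 1000, "bai": 400, "spellchecker": planted}, fh)
    return root

if __name__ == "__main__":
    for finding in scan_package_resources(build_sample()):
        print(finding)
```

Pointing scan_package_resources at an unpacked wheel or sdist directory checks every bundled frequency table in one pass, so a key that should never carry a string value stands out before the package is installed.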