Fake Python Spellchecker Packages on PyPI Spread Hidden RAT Malware

Security researchers have uncovered malicious Python packages on PyPI that pretended to be simple spellchecker tools but secretly delivered a remote access trojan (RAT). The packages, spellcheckerpy and spellcheckpy, were downloaded over 1,000 times before being removed.

The malware was cleverly hidden inside a language dictionary file and only activated when developers imported the package. In newer versions, the payload could fully execute, allowing attackers to remotely control infected systems.

This incident highlights ongoing software supply chain risks on open-source repositories. Developers are strongly advised to verify package sources, review code carefully, and avoid installing unfamiliar libraries without proper checks.
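
One way to do that review before a package is ever imported, shown as an added example that is not from the original article or the researchers' tooling: it scans a downloaded wheel for dynamic-execution calls that would run at import time and for long encoded runs in data files such as a dictionary. The package name examplepkg, the sample contents, and the base64-run heuristic are assumptions; the article does not say how the payload was encoded.

```python
import ast, base64, io, json, re, zipfile

RISKY = {"exec", "eval", "compile", "__import__"}    # dynamic-execution builtins
BLOB = re.compile(rb"[A-Za-z0-9+/]{200,}")           # heuristic: long base64-like run

def import_time_calls(tree):
    """Return (line, name) for risky calls that run when the module is imported."""
    hits = []
    def visit(node):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.Lambda)):
            return  # these bodies run only when called, not at import
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in RISKY):
            hits.append((node.lineno, node.func.id))
        for child in ast.iter_child_nodes(node):
            visit(child)
    visit(tree)
    return hits

def audit_wheel(data):
    """Scan wheel bytes without installing or importing anything."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            body = zf.read(name)
            if name.endswith(".py"):
                try:
                    tree = ast.parse(body, filename=name)
                except SyntaxError:
                    findings.append((name, 0, "unparseable source"))
                    continue
                findings += [(name, ln, f"import-time {fn}()")
                             for ln, fn in import_time_calls(tree)]
            elif BLOB.search(body):
                findings.append((name, 0, "base64-like run in data file"))
    return findings

def build_sample():
    """Constructed fixture (hypothetical package 'examplepkg'); parsed, never run."""
    blob = base64.b64encode(b"constructed filler, not a payload. " * 10).decode()
    init = ("import base64, json, pathlib\n"
            "_d = json.loads((pathlib.Path(__file__).parent / 'en.json').read_text())\n"
            "exec(base64.b64decode(_d['zz']))\n"
            "def check(word):\n"
            "    return eval('word in _d')\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("examplepkg/__init__.py", init)
        zf.writestr("examplepkg/en.json", json.dumps({"hello": 1, "zz": blob}))
    return buf.getvalue()
```

An empty result does not clear a package: these heuristics miss other encodings and loaders reached through an ordinary function call, so findings are a prompt for manual review of the flagged lines.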

Source: https://thehackernews.com/2026/01/fake-python-spellchecker-packages-on.html