Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan
Cybersecurity researchers have discovered two malicious packages in the Python Package Index (PyPI) repository that masquerade as spellcheckers but contain functionality to deliver a remote access trojan (RAT). The packages, named spellcheckerpy and spellcheckpy, are no longer available on PyPI, but not before they were collectively downloaded a little over 1,000 times. "Hidden inside the Basque
AI Analysis
Technical Summary
Researchers discovered two malicious Python packages on the PyPI repository—spellcheckerpy and spellcheckpy—that impersonated legitimate spellchecking tools but contained a hidden remote access trojan (RAT). These packages were downloaded over 1,000 times before being removed. The malicious payload was embedded inside a compressed Basque language dictionary file (resources/eu.json.gz) as a base64-encoded string under the key "spellchecker." Unlike typical malware hidden in __init__.py scripts, this payload was concealed in a data file, making detection more difficult. Initial versions of the packages only decoded the payload without execution, but version 1.2.0 introduced an obfuscated trigger that executed the RAT upon importing the SpellChecker module. The RAT downloader contacts an external domain (updatenet[.]work) hosted by RouterHosting LLC, a provider with a history of supporting nation-state threat actors. The RAT can fingerprint the infected system, parse commands, and execute them remotely, enabling full control over compromised hosts. This campaign appears linked to previous malicious Python packages and coincides with similar supply chain attacks in npm packages targeting industrial and energy sectors in Europe and beyond. The threat also underscores emerging risks from AI-generated or squatted package names that may be inadvertently trusted and installed by developers and automated agents. No known exploits in the wild have been reported yet, but the stealthy nature and supply chain vector make this a significant threat to Python users.
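As an added defender-side example (not code from the report or from the researchers), the scanner below applies the detail above: it walks a package's JSON and gzipped-JSON data files and flags any string value that is strict base64 decoding to parseable Python containing an import, which is how a payload hidden in a dictionary file rather than in __init__.py can be surfaced before installation. The resources/eu.json.gz layout and the "spellchecker" key mirror the report; the word list, the stand-in script, the length threshold and the import heuristic are constructed assumptions.

```python
import ast, base64, binascii, gzip, json, tempfile
from pathlib import Path

MIN_BLOB_LEN = 64  # constructed threshold: dictionary words are far shorter than an encoded script

def decoded_python(value):
    """Return Python source if value is strict base64 that parses as Python with an import, else None."""
    if len(value) < MIN_BLOB_LEN:
        return None
    try:
        src = base64.b64decode(value, validate=True).decode("utf-8")
        tree = ast.parse(src)
    except (binascii.Error, UnicodeDecodeError, SyntaxError, ValueError):
        return None  # ordinary dictionary text fails strict base64 or does not parse
    return src if any(isinstance(n, (ast.Import, ast.ImportFrom)) for n in ast.walk(tree)) else None

def walk_strings(obj, path="$"):
    """Yield (json_path, value) for every string anywhere in a decoded JSON document."""
    if isinstance(obj, str):
        yield path, obj
    elif isinstance(obj, (dict, list)):
        for k, v in (obj.items() if isinstance(obj, dict) else enumerate(obj)):
            yield from walk_strings(v, f"{path}.{k}")

def scan_package_dir(root):
    """Scan every *.json / *.json.gz under root; return [(relative file, json path, source)]."""
    findings = []
    for p in sorted(Path(root).rglob("*.json*")):
        opener = gzip.open if p.suffix == ".gz" else open
        try:
            with opener(p, "rt", encoding="utf-8") as fh:
                doc = json.load(fh)
        except (OSError, ValueError):
            continue  # not gzip / not JSON: outside this check's scope
        for jpath, s in walk_strings(doc):
            src = decoded_python(s)
            if src is not None:
                findings.append((p.relative_to(root).as_posix(), jpath, src))
    return findings

def demo():
    """Build a constructed package tree with the report's resources/eu.json.gz layout and scan it."""
    res = Path(tempfile.mkdtemp()) / "resources"
    res.mkdir()
    doc = {"kaixo": 12, "eskerrik": 7, "asko": 9,  # benign entries; ints are skipped by walk_strings
           "license": "a long plain-text value with spaces: fails strict base64 and is not flagged",
           "spellchecker": base64.b64encode(b"import platform\nimport sys\nprint(platform.system(), sys.version)\n").decode()}
    (res / "eu.json.gz").write_bytes(gzip.compress(json.dumps(doc).encode()))
    return scan_package_dir(res.parent)
```

Run scan_package_dir against an unpacked wheel or sdist before it is installed; a hit means a data file carries executable Python and warrants manual review of whatever code opens that file.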
Potential Impact
European organizations relying on Python packages from PyPI, particularly those using spellchecking or natural language processing libraries, face risks of system compromise, data exfiltration, and remote control by attackers. The RAT enables attackers to execute arbitrary commands, potentially leading to credential theft, lateral movement, espionage, or disruption of critical services. Supply chain attacks like this can bypass traditional perimeter defenses because the malicious code is delivered through trusted software repositories. Industries with high Python usage such as finance, technology, research, and critical infrastructure in Europe could be targeted. The association of the hosting provider with nation-state actors raises concerns about espionage or sabotage. Additionally, the campaign's timing alongside attacks targeting industrial and energy companies in France, Germany, and Spain suggests a strategic focus on European critical sectors. The stealthy embedding of payloads in data files complicates detection by standard security tools, increasing the risk of prolonged undetected compromise.
Mitigation Recommendations
1. Implement strict vetting and approval processes for third-party Python packages before deployment, including verifying package authorship and checking for known malicious indicators.
2. Use tools like PyPI package reputation services and dependency scanning to detect suspicious or squatted package names.
3. Monitor and restrict network egress traffic from development and production environments to block connections to suspicious domains such as updatenet[.]work.
4. Employ runtime application self-protection (RASP) or endpoint detection and response (EDR) solutions capable of detecting unusual Python process behaviors, such as unexpected network connections or code execution from data files.
5. Educate developers and DevOps teams about supply chain risks and the dangers of blindly trusting open-source packages, especially those with low download counts or recent publication dates.
6. Maintain up-to-date inventories of all installed Python packages and regularly audit them for anomalies.
7. Consider using package signing and integrity verification mechanisms where available.
8. Leverage AI and machine learning-based tools to detect anomalous package behaviors and dependencies introduced by automated agents.
9. Collaborate with cybersecurity communities and threat intelligence providers to stay informed about emerging malicious packages and supply chain threats.
Affected Countries
France, Germany, Spain, United Kingdom, Netherlands, Italy
Technical Details
- Article Source: https://thehackernews.com/2026/01/fake-python-spellchecker-packages-on.html (fetched 2026-01-28)
Threat ID: 697a711c4623b1157ced2a1e
Added to database: 1/28/2026, 8:27:08 PM
Last enriched: 1/28/2026, 8:29:29 PM
Last updated: 1/29/2026, 11:07:53 PM