Malicious PyPI Packages Spellcheckpy and Spellcheckerpy Deliver Python RAT

Malicious PyPI packages spellcheckpy and spellcheckerpy impersonated the legitimate pyspellchecker, embedding a base64-encoded payload that executes a Python Remote Access Trojan (RAT) when imported. Initially dormant, the payload would extract and execute upon the new version's trigger. This RAT, with dual-layer XOR encryption, facilitates remote control, evading detection, and employs a command and control server historically linked to malicious activity. Connections to earlier similar attacks suggest a recurring threat actor.

https://www.aikido.dev/blog/malicious-pypi-packages-spellcheckpy-and-spellcheckerpy-deliver-python-rat

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top