{
  "title": "PyPI spellcheckpy Typosquatting RAT Campaign",
  "summary": "Attackers published typosquatted versions of the popular pyspellchecker library to deliver a Remote Access Trojan (RAT) hidden inside compressed Basque dictionary files.",
  "date": "2026-01-23",
  "severity": "critical",
  "tags": [
    "pypi",
    "typosquatting",
    "rat",
    "malware"
  ],
  "sources_count": 4,
  "indicators": {
    "slug": "spellcheckpy-typosquatting-rat",
    "since": "2025-10-28T00:00:00Z",
    "until": "2026-01-23T23:59:59Z",
    "ecosystem": "pypi pypi",
    "cves": [],
    "cwes": [],
    "advisoryIds": [],
    "products": [],
    "packages": [
      "spellcheckerpy",
      "spellcheckpy"
    ],
    "versions": [
      "spellcheckerpy@*",
      "spellcheckpy@1.2.0"
    ],
    "affectedVersions": [],
    "fixedVersions": [
      "none"
    ],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [
      "www.aikido.dev",
      "eu.json.gz"
    ],
    "urls": [
      "https://www.aikido.dev/blog/malicious-pypi-packages-spellcheckpy-and-spellcheckerpy-deliver-python-rat",
      "https://helixguard.ai/blog/malicious-spellcheckers-2025-11-19/",
      "https://updatenet.work/update1.php`",
      "https://updatenet.work/settings/history.php`"
    ],
    "ips": [],
    "hashes": [],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}