MSC-2026-1086
Published:January 20, 2026
Updated:January 23, 2026
Two fraudulent Python packages, spellcheckerpy and spellcheckpy, were discovered on PyPI claiming to be from the legitimate pyspellchecker library author. These packages contained hidden malware that downloads a remote access trojan (RAT) when imported, giving attackers full control over affected systems.
Related ResourcesĀ (1)
Do you need more information?
Contact UsCVSS v3
Base Score:
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Embedded Malicious Code
