MSC-2026-1086
Published:May 16, 2026
Updated:May 16, 2026
Two fraudulent Python packages, spellcheckerpy and spellcheckpy, were discovered on PyPI claiming to be from the legitimate pyspellchecker library author. These packages contained hidden malware that downloads a remote access trojan (RAT) when imported, giving attackers full control over affected systems.
Related Resources (1)
Do you need more information?
Contact UsCVSS v3
Base Score:
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH