Malicious PyPI Packages Masquerading as Spellcheckers Deliver RAT Malware
Packages 'spellcheckerpy' and 'spellcheckpy' downloaded over 1,000 times use multi-layer encryption and fileless execution to deliver cryptocurrency-stealing RAT. Same threat actor linked to November 2025 campaign.