Python Package Index Hit by Supply-Chain Attack

Cyber Security News by CyberSum.net
Cybersecurity researchers have discovered a sophisticated supply-chain attack targeting Python developers through a malicious package on PyPI. The package, named 'spellcheckers', contains a multi-layered encrypted backdoor designed to steal cryptocurrency information and establish remote access. The attackers have expanded their operations to the PyPI repository, significantly broadening their potential victim base. The malicious package mimics the legitimate 'pyspellchecker' library and has already been downloaded over 950 times.