Cybersecurity researchers have identified a critical vulnerability in legacy Python packages that could enable supply chain attacks on the Python Package Index (PyPI) through domain takeover tactics. This discovery highlights an ongoing risk associated with outdated code and the importance of diligent package management.
The vulnerability stems from an old bootstrap script within the “zc.buildout” tool, a software build and deployment automation utility. According to cybersecurity firm ReversingLabs, this script contains a reference to a now-defunct domain, python-distribute[.]org, which is currently available for purchase. If an attacker gains control of this domain, they could potentially redirect users to malicious code, compromising systems that rely on these older packages.
Vulnerable Bootstrap Scripts Pose PyPI Supply Chain Risk
The affected bootstrap scripts are designed to automate the process of downloading, building, and installing necessary libraries and tools. Specifically, ReversingLabs found that the bootstrap script, when executed, attempts to fetch and run an installation script for “Distribute,” a legacy fork of the Setuptools project, from the python-distribute[.]org domain. This domain has been publicly available for sale since 2014.
The Distribute package was created during a period of inactivity in Setuptools development, but its functionalities were merged back into Setuptools in 2013, rendering Distribute obsolete. Despite this, many Python packages continue to include the bootstrap script that references the now-insecure domain. Packages that have been identified as potentially shipping this vulnerable code include tornado, pypiserver, slapos.core, roman, xlutils, and testfixtures.
The risk emerges because the bootstrap script attempts to download and install the Distribute package either by default or when a specific command-line option is used. With the domain python-distribute[.]org now available for acquisition, a malicious actor could purchase it and serve a compromised installation script. When developers inadvertently run the bootstrap script on their systems, they could unknowingly download and execute malicious code, leading to potential data theft or system compromise.
The Mechanics of the Domain Takeover Threat
The core of the issue lies in the programming pattern of fetching and executing code from a hard-coded domain. This pattern is commonly observed in malware designed to act as downloaders. The failure to formally remove or deprecate the Distribute installation module has allowed these vulnerable bootstrap scripts to persist in various projects, leaving them exposed.
While some affected packages have been updated to remove the problematic bootstrap script, others, such as slapos.core, continue to include the vulnerable code. The development and maintenance versions of the Tornado package also reportedly contain this script. Two factors limit the exposure: the bootstrap script is written in Python 2, so it cannot be run with Python 3 without modifications, and it is not executed automatically during package installation. However, its mere presence creates an unnecessary attack surface that attackers could exploit if developers are tricked into triggering its execution.
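The audit this implies can be scripted. The scanner below is an added example, not code from ReversingLabs or any affected project: it walks a source tree and reports Python files that reference the stale domain, noting whether the same file also fetches and executes remote code. The `urlopen`/`exec` heuristic, the function names and the sample script are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Domain named in the article (written there as python-distribute[.]org).
STALE_DOMAIN = "python-distribute.org"
# Any http(s) URL on that domain or one of its subdomains.
URL_RE = re.compile(r"https?://(?:[\w-]+\.)*" + re.escape(STALE_DOMAIN) + r"[^\s'\"]*", re.I)
# Assumed heuristic for download-and-run: a urlopen() call plus exec in the same file.
FETCH_RE = re.compile(r"\burlopen\s*\(")
EXEC_RE = re.compile(r"\bexec\b")

# Constructed sample in Python 2 syntax; it is only written to disk and read as text.
SAMPLE = ("from urllib2 import urlopen\nez = {}\n"
          "exec urlopen('http://" + STALE_DOMAIN + "/constructed_setup.py').read() in ez\n")

def scan_file(path):
    """Return one finding per stale-domain URL; text matching, so Python 2 files work."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        return []
    risky = bool(FETCH_RE.search(text) and EXEC_RE.search(text))
    return [
        {"path": path, "line": n, "url": m.group(0), "fetch_and_exec": risky}
        for n, line in enumerate(text.splitlines(), 1)
        for m in URL_RE.finditer(line)
    ]

def scan_tree(root):
    """Scan every .py file under root (a source checkout or a site-packages directory)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(n for n in files if n.endswith(".py")):
            hits.extend(scan_file(os.path.join(dirpath, name)))
    return hits

def demo():
    """Scan a constructed tree holding one flagged bootstrap.py and one clean file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "pkg"))
        for name, body in (("bootstrap.py", SAMPLE), ("clean.py", "print('ok')\n")):
            with open(os.path.join(root, "pkg", name), "w") as fh:
                fh.write(body)
        return [(os.path.basename(h["path"]), h["line"], h["fetch_and_exec"]) for h in scan_tree(root)]

if __name__ == "__main__":
    print(demo())
```

A hit with `fetch_and_exec` set to False still deserves review, since the heuristic only looks for one way of downloading and running code.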
The threat of domain takeover in software supply chains is not hypothetical. In 2023, the npm package fsevents was compromised after an attacker gained control of an unclaimed cloud resource hosted at fsevents-binaries.s3-us-west-2.amazonaws[.]com. This allowed the attacker to distribute malicious executables to users installing certain versions of the package, highlighting the significant impact of such vulnerabilities (CVE-2023-45311, CVSS score: 9.8).
Recent PyPI Malicious Package Activity
This discovery comes amidst other security concerns on PyPI. Recently, HelixGuard identified a malicious package named “spellcheckers” on the index. This package falsely claimed to be a spelling error checker utilizing OpenAI Vision. However, it contained malicious code designed to connect to an external server and download a secondary payload, which then executed a remote access trojan (RAT).
The “spellcheckers” package was first uploaded to PyPI on November 15, 2025, and had been downloaded 955 times before it was removed. The RAT embedded within the package is capable of receiving remote commands and executing attacker-controlled Python code through the `exec()` function, granting attackers full remote control over a victim’s host. This underscores the persistent threat of malicious actors targeting open-source repositories to distribute malware.
The ongoing discovery of vulnerabilities in legacy code and the emergence of new malicious packages on PyPI emphasize the continuous need for vigilance in software supply chain security. Developers and organizations are urged to audit their dependencies, update packages to their latest secure versions, and be cautious of executing scripts from untrusted or outdated sources. The next steps will likely involve further analysis of PyPI packages for similar vulnerabilities and increased efforts by maintainers to remove outdated and insecure code.

