Legacy Python Bootstrap Scripts Pose Domain Takeover Threat in Multiple PyPI Packages
Cybersecurity researchers have identified a supply chain weakness in several legacy Python packages on the Python Package Index (PyPI) that could be turned into a domain takeover attack. The issue centers on outdated bootstrap scripts associated with zc.buildout, a tool that automates downloading, building, and installing the libraries and tools a project needs.
The vulnerability arises from these scripts fetching and executing installation files for the Distribute package from the now-defunct domain python-distribute[.]org. This domain has been inactive since 2014 and is currently available for purchase, posing a risk that malicious actors could acquire it to serve harmful code. Affected PyPI packages include tornado, pypiserver, slapos.core, roman, xlutils, and testfixtures.
The core of the problem lies in the bootstrap.py script used with zc.buildout to set up the Buildout environment. This script was designed to install the Distribute package, a fork of Setuptools, by fetching the Distribute installer script from python-distribute[.]org and executing whatever it received, with no integrity check on the downloaded code. Although Distribute was merged back into Setuptools in 2013, rendering it obsolete, many packages still ship the old bootstrap script. If an attacker registers the dormant domain, every run of that script becomes remote code execution on the developer's machine, with data theft or further compromise as the likely follow-on.
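The fetch-and-exec shape of the legacy script, placed beside a pinned-download replacement, as an added example (this is illustrative code written for this article, not the bootstrap.py shipped by zc.buildout or any of the packages named above). The `opener` parameter and the fake response class are assumptions so the example runs offline; the digest is pinned from a constructed script body, standing in for a digest a project would commit to its repository.

```python
"""Legacy fetch-and-exec bootstrap versus a pinned, verified download.

Added illustration, not code from zc.buildout or from any package
named in the article. `legacy_bootstrap` reproduces only the shape of
the old logic (fetch a script from a hard-coded domain, then exec it).
The `opener` parameter exists so the example runs without a network.
"""
import hashlib
from urllib.request import urlopen

# The hard-coded domain that lapsed in 2014; plain HTTP, no integrity check.
DISTRIBUTE_URL = "http://python-distribute.org/distribute_setup.py"


def legacy_bootstrap(url=DISTRIBUTE_URL, opener=urlopen):
    """The unsafe pattern: whatever the domain serves is executed.
    Whoever controls the DNS name controls this interpreter."""
    namespace = {}
    exec(opener(url).read(), namespace)
    return namespace


class IntegrityError(Exception):
    """Raised when a bootstrap download fails the pinning checks."""


def fetch_pinned(url, expected_sha256, opener=urlopen):
    """Hardened form: require HTTPS, download, and refuse to return
    anything whose SHA-256 differs from a digest pinned in the repo.
    A domain takeover then yields a digest mismatch, not code execution."""
    if not url.startswith("https://"):
        raise IntegrityError(f"refusing non-HTTPS bootstrap URL: {url}")
    blob = opener(url).read()
    actual = hashlib.sha256(blob).hexdigest()
    if actual != expected_sha256:
        raise IntegrityError(
            f"digest mismatch for {url}: expected {expected_sha256}, got {actual}"
        )
    return blob


def run_pinned(url, expected_sha256, opener=urlopen):
    """Execute the script only after fetch_pinned has verified it."""
    namespace = {}
    exec(fetch_pinned(url, expected_sha256, opener), namespace)
    return namespace


def outcome(url, expected_sha256, opener):
    """Convenience wrapper: the installed marker on success, or the
    rejection reason on failure. Useful for comparing the two paths."""
    try:
        return run_pinned(url, expected_sha256, opener)["INSTALLED"]
    except IntegrityError as exc:
        return "REJECTED: " + str(exc).split(":")[0]


# ---- constructed offline stand-ins (assumptions, not real responses) ----
class _FakeResponse:
    def __init__(self, body):
        self._body = body

    def read(self):
        return self._body


def make_opener(served):
    """Stand-in for urlopen that serves fixed bytes for any URL,
    representing whatever the (re-registered) domain would return."""
    return lambda url: _FakeResponse(served)


# Constructed script bodies: what the project expected, and a hijacked copy.
GOOD_SCRIPT = b"INSTALLED = 'distribute_setup'\n"
GOOD_SHA256 = hashlib.sha256(GOOD_SCRIPT).hexdigest()  # the pinned digest
HIJACKED_SCRIPT = b"INSTALLED = 'attacker-controlled'\n"
PINNED_URL = "https://example.invalid/distribute_setup.py"  # assumed mirror

if __name__ == "__main__":
    # Legacy path: the hijacked script runs unconditionally.
    print("legacy  :", legacy_bootstrap(opener=make_opener(HIJACKED_SCRIPT))["INSTALLED"])
    # Pinned path: the genuine script runs, the hijacked one is refused.
    print("pinned  :", outcome(PINNED_URL, GOOD_SHA256, make_opener(GOOD_SCRIPT)))
    print("pinned  :", outcome(PINNED_URL, GOOD_SHA256, make_opener(HIJACKED_SCRIPT)))
    print("plain   :", outcome(DISTRIBUTE_URL, GOOD_SHA256, make_opener(GOOD_SCRIPT)))
```

The point of the pinned variant is not that HTTPS alone saves you: a re-registered domain can obtain a valid certificate. It is the committed digest that makes the download's origin irrelevant, which is why the check happens before `exec` rather than being a warning after it.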
While some packages have removed the vulnerable script, others, like slapos.core and certain versions of Tornado, still contain it. Notably, the bootstrap script is written in Python 2 and isn’t executed automatically during package installation, requiring manual execution. However, its mere presence introduces an unnecessary attack vector that could be exploited if developers are deceived into running the script.
This type of takeover threat isn't merely theoretical. In 2023, the npm package fsevents was shown to be exposed in the same way: older versions fetched prebuilt binaries from a cloud storage bucket that had been left unclaimed, so whoever registered the bucket could serve their own executables to anyone installing those versions.
The underlying issue is the practice of fetching and executing code from a hard-coded domain at install or build time, a pattern more often seen in malware droppers than in build tooling. Because the Distribute project was never properly decommissioned and its domain was allowed to lapse rather than being retained or redirected, these scripts have persisted in downstream projects for over a decade, leaving them exposed to whoever buys the name.
This disclosure coincides with the discovery of a malicious PyPI package named spellcheckers, which purports to check spelling errors using OpenAI Vision but actually contains code designed to download and execute a remote access trojan (RAT). Uploaded on November 15, 2025, by a user named leo636722, the package was downloaded 955 times before its removal. Once installed and executed, the backdoor becomes active, granting the attacker remote control over the victim’s computer.
These findings underscore the importance of vigilance in software supply chain security. Developers are urged to audit their codebases for legacy scripts that reference outdated or inactive domains, and for any script that executes code it has just downloaded, and to remove or update them promptly. Where an external script genuinely must be fetched, pinning its expected hash and verifying it before execution removes the dependency on who controls the serving domain.
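A small audit script for the kind of sweep the paragraph above recommends, as an added example (written for this article, not a tool from the researchers or from zc.buildout). It walks a source tree and flags two things: any reference to a domain on a dead-domain list (the list here contains only python-distribute[.]org and is an assumption to extend), and any `exec`/`eval` whose argument is fed from a network call, found via the Python AST. Because the legacy bootstrap.py is Python 2 and will not parse under Python 3, files that fail to parse fall back to a line regex instead of being silently skipped. The sample tree it scans is constructed inline in a temporary directory.

```python
"""Audit a source tree for legacy fetch-and-exec bootstrap scripts.

Added example, not code from the article or from zc.buildout.
Findings are (line number, reason) tuples keyed by relative path.
"""
import ast
import re
import tempfile
from pathlib import Path

# Assumption: extend with every domain your projects once fetched from.
DEAD_DOMAINS = ("python-distribute.org",)
# Network fetch functions whose result should never reach exec/eval.
FETCH_FUNCS = {"urlopen", "urlretrieve"}
# Fallback for files Python 3 cannot parse (legacy Python 2 sources).
FALLBACK_RE = re.compile(r"\b(exec|eval)\b.*\b(urlopen|urlretrieve)\b")
AST_REASON = "exec/eval of network-fetched code"
REGEX_REASON = "exec/eval of network-fetched code (regex, py2 source)"


def _is_fetch_call(node):
    """True for calls like urlopen(...) or urllib2.urlopen(...)."""
    if not isinstance(node, ast.Call):
        return False
    func = node.func
    if isinstance(func, ast.Name):
        return func.id in FETCH_FUNCS
    if isinstance(func, ast.Attribute):
        return func.attr in FETCH_FUNCS
    return False


def _ast_findings(source):
    """Flag exec()/eval() whose arguments contain a network fetch anywhere."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in ("exec", "eval")):
            if any(_is_fetch_call(sub) for arg in node.args for sub in ast.walk(arg)):
                findings.append((node.lineno, AST_REASON))
    return findings


def scan_file(path):
    """Dead-domain references in any file; fetch-and-exec in .py files."""
    text = Path(path).read_text(errors="replace")
    lines = text.splitlines()
    findings = [(n, f"reference to dead domain {d}")
                for n, line in enumerate(lines, 1) for d in DEAD_DOMAINS if d in line]
    if Path(path).suffix == ".py":
        try:
            findings += _ast_findings(text)
        except SyntaxError:  # Python 2 syntax: fall back to the line regex
            findings += [(n, REGEX_REASON)
                         for n, line in enumerate(lines, 1) if FALLBACK_RE.search(line)]
    return sorted(findings)


def scan_tree(root):
    """Map relative POSIX path -> sorted findings, for files with any."""
    root = Path(root)
    results = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            found = scan_file(path)
            if found:
                results[path.relative_to(root).as_posix()] = found
    return results


# Constructed sample tree: a legacy-style bootstrap, a Python 2 installer,
# and a benign setup.py. Not real files from any named package.
SAMPLE_TREE = {
    "bootstrap.py": (
        "import urllib2\n"
        "ez = {}\n"
        "exec(urllib2.urlopen('http://python-distribute.org/distribute_setup.py').read(), ez)\n"
    ),
    "tools/old_installer.py": (
        "from urllib import urlopen\n"
        "print 'fetching installer'\n"          # Python 2: ast.parse raises
        "exec(urlopen(INSTALLER_URL).read())\n"
    ),
    "setup.py": "from setuptools import setup\nsetup(name='demo')\n",
}


def build_sample_tree():
    """Write SAMPLE_TREE into a fresh temp directory and return its root."""
    root = Path(tempfile.mkdtemp(prefix="bootstrap-audit-"))
    for rel, body in SAMPLE_TREE.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)
    return root


if __name__ == "__main__":
    for rel, found in scan_tree(build_sample_tree()).items():
        for lineno, reason in found:
            print(f"{rel}:{lineno}: {reason}")
```

Run it against a real checkout by replacing `build_sample_tree()` with the project root. The AST pass is the one to trust; the regex fallback exists so a Python 2 file, which is exactly what the legacy bootstrap.py is, produces a finding rather than a parse error, and it will over-report on commented-out lines, which is the right failure direction for an audit.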