
Cybersecurity researchers have uncovered vulnerable code embedded in several legacy Python packages, raising concerns about potential supply chain attacks against the Python Package Index (PyPI). The issue stems from a domain takeover risk linked to outdated bootstrap scripts used by the build automation tool zc.buildout. According to ReversingLabs, these scripts still reference a long-abandoned domain, python-distribute[.]org, which is now available for purchase.

The bootstrap scripts were originally designed to automate the downloading, building, and installation of libraries and tools, including a legacy packaging utility called Distribute. When executed, the scripts fetch and run an installation file from the now-dormant domain. Packages affected by this behavior include tornado, pypiserver, slapos.core, roman, xlutils, and testfixtures. Because the domain is no longer controlled by the original maintainers, a malicious actor could acquire it and deliver harmful code to unsuspecting developers who run the outdated bootstrap process.

Although Distribute was merged back into Setuptools in 2013—rendering it obsolete—many Python packages still ship the vulnerable bootstrap file, which either enables Distribute by default or does so only when specific command-line options are used. ReversingLabs warns that this creates an unnecessary attack surface, especially if developers inadvertently run the script. While some projects have removed the file, packages like slapos.core and development builds of Tornado continue to include the outdated code.

This vulnerability highlights the real-world danger of domain takeovers in software supply chains. A parallel example occurred in 2023 when the npm package fsevents was compromised after an attacker seized an unclaimed cloud resource to distribute malicious binaries. Hard-coded domains in installation scripts—especially those fetching and executing payloads—mirror behaviors commonly found in malware. The failure to formally retire the Distribute module left countless projects at silent risk.
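As an added illustration (not ReversingLabs' tooling and not any affected package's code), the scanner below flags bootstrap scripts in a source tree that still reference the abandoned domain, grading a file higher when it also fetches remote content and passes it to exec, the pattern the report describes. The sample file contents, the risk grades and the regular expressions are constructed assumptions.

```python
"""Flag bootstrap scripts that fetch-and-execute from python-distribute.org."""
import re
from pathlib import Path

# Domain named in the report, undefanged so that URL matching works.
ABANDONED_HOSTS = ("python-distribute.org",)
# Heuristics (assumed): legacy Distribute bootstraps download with urlopen()
# and then exec() the downloaded source.
FETCH_RE = re.compile(r"\b(urlopen|urlretrieve|requests\.get)\s*\(")
EXEC_RE = re.compile(r"\bexec\s*\(|\bexec\s")


def find_abandoned_domain_refs(text: str) -> list[tuple[int, str]]:
    """Return (line_number, stripped_line) for every line naming an abandoned host."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        if any(host in line.lower() for host in ABANDONED_HOSTS):
            hits.append((number, line.strip()))
    return hits


def assess_file(text: str) -> dict:
    """Grade one file: high = domain ref + fetch + exec, medium = domain ref only."""
    refs = find_abandoned_domain_refs(text)
    fetches = bool(FETCH_RE.search(text))
    executes = bool(EXEC_RE.search(text))
    if refs and fetches and executes:
        risk = "high"
    elif refs:
        risk = "medium"
    else:
        risk = "none"
    return {"domain_refs": refs, "fetches": fetches, "executes": executes, "risk": risk}


def scan_tree(root: str) -> dict[str, dict]:
    """Walk a checkout and report every bootstrap*.py that references the domain."""
    findings = {}
    for path in Path(root).rglob("bootstrap*.py"):
        result = assess_file(path.read_text(errors="replace"))
        if result["risk"] != "none":
            findings[str(path)] = result
    return findings


# Constructed samples resembling a legacy bootstrap and a clean setup script.
SAMPLE_LEGACY = '''
DEFAULT_URL = "http://python-distribute.org/distribute_setup.py"
from urllib.request import urlopen
exec(urlopen(DEFAULT_URL).read())
'''
SAMPLE_CLEAN = '''
import setuptools
setuptools.setup(name="example")
'''

if __name__ == "__main__":
    print(assess_file(SAMPLE_LEGACY))
```

Run `scan_tree(".")` inside a checkout to list the offending files; a "high" grade means the file would still reach out to the dormant domain and run whatever it returns.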

Compounding these concerns, the disclosure arrives alongside news of a separate PyPI attack involving a malicious package named spellcheckers. Though advertised as a spell-checking tool using OpenAI Vision, it secretly connected to an external server to download and execute a remote access trojan. The package was uploaded on November 15, 2025, and downloaded nearly 1,000 times before its removal. According to HelixGuard, the RAT allowed attackers to run arbitrary Python code, granting full remote control of compromised systems.
