Vulnerabilities in Python Packages Create Domain-Takeover Risks

Published
November 28, 2025
Category
Hot Technology Sectors
Word Count
404 words

Full Transcript

Cybersecurity researchers from ReversingLabs have uncovered vulnerabilities in legacy Python packages that could facilitate a supply chain compromise via domain takeover attacks. The report highlights a critical issue with bootstrap files associated with the build and deployment automation tool, zc.buildout.

Vladimir Pezo, a security researcher at ReversingLabs, explained that these bootstrap scripts automate the downloading, building, and installation of necessary libraries, but they fetch an installation script for a package called Distribute from the now-defunct domain python-distribute.org, which is currently available for purchase.

The domain has been up for sale since 2014, which is what creates the risk. The affected packages include tornado, pypiserver, slapos.core, roman, xlutils, and testfixtures. The vulnerability stems from an old bootstrap script, bootstrap.py, which is designed to initialize the Buildout environment.

This script installs Distribute, a fork of the Setuptools project that became obsolete after its features were merged back into Setuptools in 2013. Despite this, many packages still ship the bootstrap script, which either defaults to installing Distribute or allows it through command-line options.

This situation creates a potential attack vector, as an attacker could seize the domain and serve malicious code when the bootstrap script is executed. Notably, some packages have already removed the vulnerable script, yet slapos.core still contains this risk, and it is also present in the development version of Tornado.

While the bootstrap script is not executed automatically during installation and is written in Python 2, it still presents an unnecessary attack surface. That the threat is real was underscored by a 2023 incident involving the npm package fsevents, which was compromised when a bad actor took control of an unclaimed cloud resource to distribute malicious executables.

Pezo emphasized that the programming pattern of fetching and executing a payload from a hard-coded domain resembles malware behavior. Furthermore, HelixGuard recently identified a malicious package on PyPI named spellcheckers, which claimed to be a tool for checking spelling errors using OpenAI Vision but instead connected to an external server to download a remote access trojan.
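As an added defender-side example (not code from ReversingLabs, HelixGuard, or any of the packages named above), the following Python scanner flags the pattern Pezo describes: a hard-coded URL in a file that both fetches from the network and executes code, plus any URL pointing at a domain known to be abandoned. The sample bootstrap text, the distribute_setup.py path, the regexes and the abandoned-domain set are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Domains known to be defunct or for sale; python-distribute.org is the one
# named in the report. Anything else you add here is your own assumption.
ABANDONED_DOMAINS = {"python-distribute.org"}

URL_RE = re.compile(r"""['"](https?://[^'"\s]+)['"]""")
FETCH_RE = re.compile(r"\b(urlopen|urlretrieve|requests\.get|wget|curl)\b")
EXEC_RE = re.compile(r"\b(exec|execfile|eval|subprocess|os\.system)\b")


def scan_source(text, abandoned=ABANDONED_DOMAINS):
    """Report hard-coded URLs in a Python source string.

    A URL whose host is in `abandoned` is always reported; any other URL is
    reported only when the same file both fetches and executes code.
    """
    fetches = FETCH_RE.search(text) is not None
    executes = EXEC_RE.search(text) is not None
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for url in URL_RE.findall(line):
            host = (urlparse(url).hostname or "").lower()
            bare = host[4:] if host.startswith("www.") else host  # drop "www."
            if bare in abandoned:
                reason = "abandoned-domain"
            elif fetches and executes:
                reason = "fetch-and-exec"
            else:
                continue
            findings.append({"line": lineno, "url": url, "host": bare, "reason": reason})
    return findings


# Constructed stand-in for a legacy bootstrap.py; it is NOT the real zc.buildout file.
SAMPLE_BOOTSTRAP = """\
import urllib2
DISTRIBUTE_SETUP = 'http://python-distribute.org/distribute_setup.py'
exec(urllib2.urlopen(DISTRIBUTE_SETUP).read())
"""

# Constructed benign file: a hard-coded URL that is only printed, never fetched or run.
SAMPLE_CLEAN = """\
INDEX = 'https://pypi.org/simple/'
print('using index', INDEX)
"""

if __name__ == "__main__":
    for finding in scan_source(SAMPLE_BOOTSTRAP):
        print(finding)
```

Run it over every `.py` file in a checkout (bootstrap scripts included) to surface scripts that should be deleted or pinned to a vetted, locally vendored installer.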

This package was uploaded on November 15, 2025, by a user named leo636722 and has been downloaded 955 times before being removed. The RAT enabled full remote control of users' computers, further illustrating the potential dangers present in the Python ecosystem.

The discovery of these vulnerabilities underscores the urgent need for developers and organizations to conduct regular security audits and implement timely updates to their software.
