Cybersecurity firm ReversingLabs reported the presence of vulnerable bootstrap code in legacy Python packages that could be leveraged for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover. The affected code is associated with the zc.buildout build and deployment automation tool and, when run, fetches an installation script for the Distribute packaging utility from a legacy domain, ReversingLabs said.
The issue centers on an older initialization script used with zc.buildout. ReversingLabs pointed to archived copies of the code, including an old bootstrap script and a later bootstrap.py, which include logic to download a distribute_setup.py installer from python-distribute.org, a domain that has been available for sale since 2014.
ReversingLabs said multiple PyPI packages ship copies of the bootstrap script or variants that attempt to install Distribute, including tornado, pypiserver, slapos.core, roman, xlutils and testfixtures. Some projects have removed the file, but slapos.core continues to ship the vulnerable code and the bootstrap remains in the development and maintenance branch of Tornado, the researchers said. The script is written for Python 2 and is not executed automatically during package installation, but its presence can create an avoidable attack surface if developers run it.
ReversingLabs researcher Vladimir Pezo described the risk as arising from a programming pattern that fetches and executes a payload from a hard-coded domain and said the failure to formally decommission the Distribute module allowed vulnerable bootstrap scripts to linger. The report cited a prior real-world supply chain compromise as a comparable example, referencing CVE-2023-45311, in which an npm package was abused via control of an unclaimed cloud resource.
Separately, HelixGuard disclosed a malicious PyPI package named “spellcheckers” that claimed to offer OpenAI Vision–based spelling checks but contained code that connected to an external server to download a next-stage payload and deploy a remote access trojan. The package was first uploaded to PyPI on Nov. 15, 2025 by a user listed as leo636722, had been downloaded 955 times and has since been removed, HelixGuard said.
ReversingLabs did not provide a comprehensive count of affected projects and warned that an attacker who acquires the legacy domain could serve malicious code to anyone who runs the vulnerable bootstrap script.