Build script exposes PyPI to domain takeover attacks

ReversingLabs researchers found legacy bootstrap scripts in multiple PyPI packages that fetch and execute an installation script from the abandoned python-distribute[.]org domain, creating a supply-chain risk if that domain is claimed by an attacker. Several popular packages (for example slapos.core, tornado, pypiserver) still contain or invoked bootstrap scripts that could execute arbitrary code via that domain, demonstrating a domain-takeover vector similar to prior npm compromises. #python-distribute #PyPI

Keypoints

ReversingLabs’ RL Spectra Assure Community detected vulnerable bootstrap code that fetches and executes an installer from python-distribute[.]org, a domain that has been parked/for sale since 2014.
Bootstrap scripts shipped with zc.buildout and integrated into packages can be executed manually or via Makefiles and may fetch the legacy distribute installer, enabling remote code execution if the domain is controlled by an attacker.
Multiple PyPI projects (examples: slapos.core, tornado, pypiserver, imio.pm.locales, pyquery, xlutils, roman, testfixtures) were identified as containing or having contained the vulnerable bootstrap pattern.
The vulnerability stems from a programming pattern—hardcoded remote fetch-and-execute from a domain—which creates a supply chain attack surface distinct from typical package-install flows.
ReversingLabs produced a Python 2 proof-of-concept demonstrating how a bootstrap script can be coerced to fetch/execute remote content; the bootstrap scripts typically re-execute with flags and can be triggered manually.
The issue is analogous to a 2023 npm compromise (fsevents) where an attacker claimed an unowned resource and delivered malicious binaries, underscoring the real-world risk of domain takeovers in software supply chains.

MITRE Techniques

[T1195 ] Supply Chain Compromise – The attack vector is a package build/installation process that fetches remote code, enabling supply chain compromise (‘attack on the Python Package Index (PyPI) via a domain compromise.’)
[T1105 ] Ingress Tool Transfer – The bootstrap script fetches and executes an installer from a remote domain, moving code into the target environment (‘it fetches and executes an installation script for the package distribute from python-distribute[.]org’)
[T1059 ] Command and Scripting Interpreter – The fetched bootstrap content is executed as code (Python), allowing arbitrary code execution in the interpreter (‘execution of arbitrary code hosted on the abandoned domain’)
[T1583 ] Acquire Infrastructure – Domain – The adversary-controlled domain (python-distribute[.]org) could be acquired and used to host malicious payloads (‘anybody could have bought the domain and served whatever malicious code they wanted’)
[T1204 ] User Execution – Analysis shows the bootstrap scripts require manual invocation (or Makefile invocation) to execute, relying on user/developer action to trigger the malicious behavior (‘the bootstrap files aren’t executed automatically during the package installation… manual execution of the script by an unsuspecting developer or via the Makefile.’)

Indicators of Compromise

[Domain ] bootstrap fetch target – python-distribute[.]org (legacy domain used by bootstrap scripts, parked/for-sale since 2014)
[Package names ] potentially affected PyPI packages – slapos.core, pypiserver (and others such as tornado, imio.pm.locales, pyquery, xlutils, roman, testfixtures)
[File/hash ] bootstrap script artifact – sha1: 357f2fe2684c54339fb78ff447d8cbc127071633 (example from collected bootstrap scripts; additional bootstrap hashes and artifacts also noted)
[Cloud hosting URL ] prior analogous compromise – https://fsevents-binaries.s3-us-west-2.amazonaws.com (used in the 2023 fsevents compromise, cited for context)