
Cybersecurity researchers have discovered vulnerable code in outdated Python packages that could pave the way for a supply chain compromise attack on the Python Package Index (PyPI) via a domain takeover technique.
Software supply chain security company ReversingLabs identified the vulnerability in bootstrap files provided by a build and deployment automation tool called zc.buildout.
The Risk of Takeover by Legacy Packages
The problem lies in an old bootstrap script (bootstrap.py) that was used with zc.buildout to initialize the environment. This script had the ability to install the “Distribute” packaging utility, a short-lived fork of the Setuptools project. To do this, the Distribute installation script (distribute_setup.py) is downloaded from the python-distribute[.]org domain.
The risk arises because this domain has been either up for sale or parked to generate advertising revenue since 2014. The Distribute fork became obsolete in 2013, when its features were re-incorporated into Setuptools.
However, many Python packages have continued to include the bootstrap script that attempts to install Distribute by default or by specifying a command line option. Since the domain is available for purchase, an attacker could purchase it, host malicious code, and compromise users who inadvertently execute the vulnerable bootstrap script.
Scope of Vulnerability and Additional Risks
The vulnerability was identified in several popular packages, including:
- Tornado
- pypiserver
- slapos.core
- roman
- xlutils
- testfixtures
Although some of these packages have removed the bootstrap script, the slapos.core package still contains it. The script, written in Python 2, does not run automatically during package installation, but its presence creates an “unnecessary attack surface” that can be exploited if developers are tricked into running the script.
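A defender can check vendored code and unpacked dependencies for the bootstrap pattern described above. The following scanner is an added example, not code from ReversingLabs or zc.buildout; the regex heuristics, the function names and the sample bootstrap file are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Host named in the article (defanged there); add other retired hosts as needed.
RETIRED_DOMAINS = ("python-distribute.org",)
# Heuristic for download-then-execute: a URL fetch and exec in the same file.
FETCH_RE = re.compile(r"\burlopen\s*\(|\burlretrieve\s*\(")
EXEC_RE = re.compile(r"\bexec\b")


def scan_file(path):
    """Return (domain, line_no, fetch_and_exec) hits for one file."""
    # Plain-text scan, not ast: Python 2 scripts do not parse under Python 3.
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        return []
    risky = bool(FETCH_RE.search(text) and EXEC_RE.search(text))
    return [(dom, no, risky)
            for no, line in enumerate(text.splitlines(), 1)
            for dom in RETIRED_DOMAINS if dom in line.lower()]


def scan_tree(root):
    """Walk root and map relative path -> hits for every .py file with a hit."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.endswith(".py")):
            full = os.path.join(dirpath, name)
            hits = scan_file(full)
            if hits:
                findings[os.path.relpath(full, root)] = hits
    return findings


def demo():
    """Scan a constructed tree: one legacy-style bootstrap, one clean module."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "bootstrap.py"), "w") as fh:
            fh.write("import urllib2\nez = {}\nexec urllib2.urlopen('http://"
                     "python-distribute.org/distribute_setup.py').read() in ez\n")
        with open(os.path.join(root, "core.py"), "w") as fh:
            fh.write("def add(a, b):\n    return a + b\n")
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Point `scan_tree` at a project checkout or a directory of unpacked sdists; a hit with the third field set to `True` means the file both references the retired host and contains the fetch-and-exec pattern, so it should be removed or replaced.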
Real Precedents and Current Threats
The threat of takeover is not purely theoretical. In 2023, a similar case was documented in the npm ecosystem, where the fsevents package was compromised after a malicious actor took control of an unclaimed cloud storage resource (fsevents-binaries.s3-us-west-2.amazonaws[.]com) to distribute malicious executables (CVE-2023-45311, CVSS: 9.8).
The underlying problem, according to the researchers, is the programming pattern of downloading and executing code from a hard-coded domain, a common behavior in downloader malware. The lack of formal decommissioning of the Distribute module allowed these vulnerable scripts to persist.
Threat in PyPI: The “spellcheckers” case
This ReversingLabs discovery coincides with another recent threat in PyPI. HelixGuard discovered a malicious package called “spellcheckers” that claimed to be a spell checking tool based on OpenAI Vision. The package contained malicious code designed to connect to an external server and download a Remote Access Trojan (RAT). This RAT allowed remote execution of Python commands, granting full control over the victim host. The package was downloaded 955 times before being removed from PyPI.
Conclusions
The findings from ReversingLabs and HelixGuard underscore the fragility of the software supply chain and the need for rigorous dependency management, especially in package ecosystems like PyPI. The persistence of legacy code and dependence on obsolete domains represent a significant risk that can be exploited by attackers to inject malicious code and compromise development and production systems.
References
- Vulnerability: zc.buildout bootstrap scripts and their dependency on the domain python-distribute[.]org.
- CVE Precedent: CVE-2023-45311 (subdomain takeover vulnerability in npm package fsevents).
- Affected Packages: tornado, pypiserver, slapos.core, roman, xlutils, testfixtures.
- Malware in PyPI: “spellcheckers” package (removed from PyPI).