PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

Summary

Kaspersky discovered three poisoned PyPI packages (uuid32-utils, colorinal, termncolor) uploaded in July 2025 that covertly deliver ZiChatBot, a previously unknown malware family. The malware uniquely uses Zulip team chat REST APIs for command-and-control instead of traditional C2 servers. Dropper analysis shows 64% similarity to OceanLotus/APT32 tools, suggesting possible attribution to the Vietnam-aligned threat actor expanding its supply chain attack tactics.

Full text

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux Ravie LakshmananMay 07, 2026Malware / Threat Intelligence Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. "While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files," Kaspersky said. "Unlike traditional malware, ZiChatBot does not communicate with a dedicated command-and-control (C2) server, but instead uses a series of REST APIs from the public team chat app Zulip as its C2 infrastructure." The activity has been described as a "carefully planned and executed PyPI supply chain attack" by the Russian cybersecurity company. The names of the packages, which have since been taken down, are listed below - uuid32-utils (1,479 downloads) colorinal (614 downloads) termncolor (387 downloads) All three packages were uploaded to PyPI during a short window between July 16 and 22, 2025. While uuid32-utils and colorinal make use of similar malicious payloads, termncolor is a benign-looking package that lists colorinal as a dependency. On Windows systems, once any of the first two packages is installed, the malicious code extracts a DLL dropper ("terminate.dll") and write it to disk. At the time the library is imported into a project, the DLL is loaded, acting as a dropper for ZiChatBot, after which it establishes an auto-run entry in the Windows Registry, and runs code to delete itself from the host. The Linux version of the shared object dropper ("terminate.so") plants the malware in the "/tmp/obsHub/obs-check-update" path and configures a crontab entry. Regardless of the operating system it's running on, ZiChatBot is designed to execute shellcode received from its C2 server. After executing the command, the malware sends a heart emoji as a response to signal the server that the operation was successful. Exactly who is behind the campaign is not clear. However, Kaspersky said the dropper shares a "64% similarity" to another dropper used by a Vietnam-aligned hacking group named OceanLotus (aka APT32). In late 2024, the threat actor was observed targeting the Chinese cybersecurity community with poisoned Visual Studio Code projects masquerading as Cobalt Strike plugins to deliver a trojan that's executed automatically when the project is compiled. The malware uses the Notion note-taking service as C2, per an analysis from ThreatBook. Kaspersky pointed out that if the PyPI supply chain campaign is indeed the work of OceanLotus, it represents the threat actor's strategy to expand its targeting scope. "Although phishing emails are still a common initial infection method for OceanLotus, the group is also actively exploring new ways to compromise victims through diverse supply chain attacks," it said. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  cybersecurity, linux, Malware, Open Source, PyPI, Python, supply chain attack, Threat Intelligence, windows security ⚡ Top Stories This Week 30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign Trellix Confirms Source Code Breach With Unauthorized Repository Access ⚡ Weekly Recap: AI-Powered Phishing, Android Spying Tool, Linux Exploit, GitHub RCE and More Progress Patches Critical MOVEit Automation Bug Enabling Authentication Bypass Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution The Hacker News Launches 'Cybersecurity Stars Awards 2026' — Submissions Now Open ThreatsDay Bulletin: Edge Plaintext Passwords, ICS 0-Days, Patch-or-Die Alerts and 25+ New Stories PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions New Linux PamDOORa Backdoor Uses PAM Modules to Steal SSH Credentials Quasar Linux RAT Steals Developer Credentials for Software Supply Chain Compromise 2026: The Year of AI-Assisted Attacks Day Zero Readiness: The Operational Gaps That Break Incident Response We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is ⭐ Featured Resources [Webinar] Learn How Autonomous Validation Keeps Pace With AI Attacks [Guide] Get Practical AI SOC Insights to Improve Threat Detection [Demo] Discover How to Control Autonomous Identity Risks Effectively [Demo] Stop Email Attacks and Protect Cloud Workspace Data Faster

Entities