PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
Three malicious PyPI packages were discovered delivering a new malware family called ZiChatBot that uses Zulip's REST APIs as its command-and-control infrastructure, with over 2,400 downloads before takedown.

Cybersecurity researchers at Kaspersky have uncovered a sophisticated supply chain attack targeting the Python Package Index (PyPI) repository. Three malicious packages — uuid32-utils, colorinal, and termncolor — were found to be covertly delivering a previously unknown malware family dubbed ZiChatBot on both Windows and Linux systems. The packages, uploaded between July 16 and 22, 2025, accumulated over 2,400 downloads before being taken down.
Unlike traditional malware that relies on dedicated command-and-control (C2) servers, ZiChatBot communicates through a series of REST APIs from the public team chat application Zulip. This novel approach allows the malware to blend in with legitimate traffic, making detection significantly more difficult. Kaspersky described the operation as a "carefully planned and executed PyPI supply chain attack."
The malicious packages include uuid32-utils (1,479 downloads), colorinal (614 downloads), and termncolor (387 downloads). While uuid32-utils and colorinal contain similar malicious payloads, termncolor appears benign but lists colorinal as a dependency, effectively acting as a distribution vector. On Windows systems, installing either of the first two packages triggers extraction of a DLL dropper named "terminate.dll" to disk. When the library is imported into a project, the DLL loads and acts as a dropper for ZiChatBot, establishing persistence via a Windows Registry auto-run entry before deleting itself.
On Linux systems, the shared object dropper "terminate.so" plants the malware at "/tmp/obsHub/obs-check-update" and configures a crontab entry for persistence. Regardless of the operating system, ZiChatBot executes shellcode received from its Zulip-based C2 server. After executing a command, the malware sends a heart emoji as a confirmation signal back to the server, indicating successful operation.
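As an added defender's example (not code from Kaspersky's report or from the packages themselves), the following Python helpers audit a requirements list, a crontab and the current environment for the indicators the article names: the two malicious package names, the termncolor dependency vector, and the Linux payload path. The sample requirement lines and crontab are constructed inputs.

```python
"""Audit helpers for the ZiChatBot PyPI campaign described above (added example)."""
import re
from importlib import metadata

# Package names reported as malicious; termncolor is itself benign but
# pulls in colorinal as a dependency, so it is tracked as a vector.
MALICIOUS_PACKAGES = {"uuid32-utils", "colorinal"}
DEPENDENCY_VECTORS = {"termncolor": "colorinal"}
# Path the Linux dropper plants the implant at, per the report.
LINUX_PAYLOAD_PATH = "/tmp/obsHub/obs-check-update"


def normalize(name):
    # PEP 503 name normalization: case-insensitive, runs of "-", "_", "." collapse to "-"
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_requirements(lines):
    """Return (name, reason) for each requirement line naming a malicious package
    or a package known to depend on one. Comments and specifiers are ignored."""
    findings = []
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name = normalize(re.split(r"[<>=!~;\[\s]", line, maxsplit=1)[0])
        if name in MALICIOUS_PACKAGES:
            findings.append((name, "malicious package"))
        elif name in DEPENDENCY_VECTORS:
            findings.append((name, f"depends on {DEPENDENCY_VECTORS[name]}"))
    return findings


def audit_crontab(crontab_text):
    """Return crontab lines that reference the Linux dropper's payload path."""
    return [l for l in crontab_text.splitlines() if LINUX_PAYLOAD_PATH in l]


def audit_installed():
    """Live check: names of flagged distributions installed in this environment."""
    installed = {normalize(d.metadata["Name"] or "") for d in metadata.distributions()}
    return sorted(installed & (MALICIOUS_PACKAGES | set(DEPENDENCY_VECTORS)))


# Constructed sample inputs (not taken from the report):
SAMPLE_REQUIREMENTS = ["requests", "TermnColor>=1.0  # colour output", "uuid32_utils"]
SAMPLE_CRONTAB = "0 * * * * /usr/bin/backup\n@reboot /tmp/obsHub/obs-check-update\n"

if __name__ == "__main__":
    print(audit_requirements(SAMPLE_REQUIREMENTS))
    print(audit_crontab(SAMPLE_CRONTAB))
    print(audit_installed())
```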
While the identity of the attackers remains unclear, Kaspersky noted that the dropper shares a "64% similarity" to tools used by the Vietnam-linked hacking group OceanLotus (also known as APT32). In late 2024, OceanLotus was observed targeting the Chinese cybersecurity community with poisoned Visual Studio Code projects masquerading as Cobalt Strike plugins, using the Notion note-taking service as C2 infrastructure. Kaspersky suggested that if this PyPI campaign is indeed the work of OceanLotus, it represents a strategic expansion of the group's targeting scope beyond traditional phishing emails into diverse supply chain attacks.
The discovery highlights the growing trend of threat actors abusing legitimate platforms and APIs for malicious purposes. By leveraging Zulip's REST APIs, ZiChatBot avoids the need for dedicated infrastructure that could be easily blocked or taken down. This technique mirrors other recent campaigns where attackers have used services like Notion, Discord, and Slack for C2 communications. The incident also underscores the persistent risk of supply chain attacks on open-source package repositories, where malicious code can be distributed to thousands of unsuspecting developers and organizations before detection.
Kaspersky's Securelist report now attributes the campaign to OceanLotus (APT32) with medium confidence, based on analysis by the Kaspersky Threat Attribution Engine. The report provides deeper technical details on the dropper's AES-CBC decryption of embedded strings and the self-deletion mechanism, and confirms that the campaign began in July 2025, targeting both Windows and Linux platforms via PyPI wheel packages.