Malicious PyPI Packages Unleash ZiChatBot Malware, Exploiting Zulip APIs
- John Jordan
Cybersecurity researchers have uncovered a sophisticated supply chain attack involving three malicious packages on the Python Package Index (PyPI). These packages, designed to appear legitimate, secretly distributed a new malware family named ZiChatBot on both Windows and Linux systems. The malware uniquely leverages the public team chat application Zulip's APIs for command and control, making detection challenging.
Key Takeaways
Three malicious PyPI packages (uuid32-utils, colorinal, termncolor) were uploaded between July 16-22, 2025.
The malware, ZiChatBot, uses Zulip's REST APIs as its command and control infrastructure.
The attack targets both Windows and Linux operating systems.
The dropper component shares similarities with malware used by the OceanLotus (APT32) group.
A Stealthy Supply Chain Attack
The three discovered PyPI packages (uuid32-utils, colorinal, and termncolor) were uploaded within a short timeframe in July 2025. While they offered the advertised functionality, their primary purpose was to deliver malicious files. One of the packages, appearing benign, listed the malicious package as a dependency, which further obscured the attack.
Cross-Platform Malware Deployment
On Windows systems, the malicious code extracts a DLL dropper. When the compromised library is imported, this DLL is loaded and acts as a dropper for ZiChatBot. It then establishes persistence by creating an auto-run entry in the Windows Registry and self-deletes to minimize traces. On Linux systems, a shared object dropper installs the malware and configures a crontab entry for persistence.
Innovative Command and Control
ZiChatBot distinguishes itself by not relying on traditional command-and-control (C2) servers. Instead, it utilizes the REST APIs of the public team chat application Zulip. This method allows the malware to blend in with legitimate network traffic, making it significantly harder to detect. After executing commands received from the Zulip API, ZiChatBot sends a simple heart emoji as a confirmation signal.
Potential Attribution and Evolving Tactics
Security researchers noted that the dropper component shares a notable similarity (64%) with a dropper previously used by the Vietnam-aligned hacking group OceanLotus, also known as APT32. This suggests a potential link to the group, indicating their evolving strategy to expand their targeting scope beyond traditional methods like phishing emails and into the developer ecosystem through supply chain attacks.
Mitigation and Protection
While the malicious packages have since been removed from PyPI and the associated Zulip organization deactivated, this incident highlights the persistent threat of supply chain attacks. Organizations are advised to implement robust security measures, including monitoring suspicious network traffic, scrutinizing registry and crontab modifications, and utilizing Software Composition Analysis (SCA) tools to vet dependencies. Developers should also verify package authenticity, check maintainer reputation, and employ dependency pinning with hash verification.
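As an added example (not code from the article or the cited researchers), the following Python script audits a pip requirements file for the two practices recommended above, exact version pinning and per-package hash verification, and additionally flags the three package names reported in this article. The sample requirements content and the hash value in it are constructed.

```python
import re

# Names reported as malicious in this article, kept in PEP 503 normalized form.
def _normalize(name: str) -> str:
    # Case-insensitive; runs of '-', '_' and '.' collapse to a single '-'.
    return re.sub(r"[-_.]+", "-", name).lower()

REPORTED_MALICIOUS = {_normalize(n) for n in ("uuid32-utils", "colorinal", "termncolor")}

# Requirement line: name, optional extras, then the remainder (specifier and options).
_REQ = re.compile(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)")

def parse_requirements(text: str) -> list:
    """Join backslash-continued lines, strip comments, drop blank lines."""
    joined = text.replace("\\\n", " ")
    entries = []
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            entries.append(line)
    return entries

def audit_requirements(text: str) -> list:
    """Return (normalized_name, issues) for each requirement that is not pinned
    with '==', lacks a sha256 hash, or matches a reported package name."""
    findings = []
    for entry in parse_requirements(text):
        m = _REQ.match(entry)
        if not m or entry.startswith("-"):
            continue  # skip option lines such as -r or --index-url
        name, rest = _normalize(m.group(1)), m.group(3)
        issues = []
        if name in REPORTED_MALICIOUS:
            issues.append("reported-malicious")
        if not re.match(r"==\s*[0-9A-Za-z.+!]+", rest):
            issues.append("not-pinned")
        if not re.search(r"--hash=sha256:[0-9a-f]{64}", rest):
            issues.append("no-hash")
        if issues:
            findings.append((name, issues))
    return findings

# Constructed sample requirements file; the hash is a placeholder, not a real digest.
SAMPLE = (
    "# constructed example\n"
    "requests==2.31.0 \\\n    --hash=sha256:" + "ab" * 32 + "\n"
    "numpy>=1.26\n"
    "termncolor\n"
    "Colorinal==0.1.0\n"
)

if __name__ == "__main__":
    for name, issues in audit_requirements(SAMPLE):
        print(f"{name}: {', '.join(issues)}")
```

Pinned entries with a valid sha256 hash pass silently; everything else is reported with the reason, so the output can feed a CI gate that fails on any finding.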
Sources
PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux, The Hacker News.
OceanLotus suspected of distributing ZiChatBot malware via wheel packages in PyPI, Securelist.
Malicious PyPI Packages Target Windows and Linux, SecNews.gr.
