New ZiChatBot Malware Lurks in PyPI, Exploits Zulip APIs for Command and Control

Cybersecurity researchers have uncovered a sophisticated supply chain attack targeting the Python Package Index (PyPI). Three malicious packages, disguised as legitimate development tools, were found to deliver a novel malware family named ZiChatBot. This malware uniquely leverages the public team chat application Zulip's APIs for its command and control (C2) infrastructure, making it harder to detect.

Key Takeaways

  • Three malicious PyPI packages (uuid32-utils, colorinal, termncolor) were uploaded between July 16 and 22, 2025.

  • The malware, ZiChatBot, targets both Windows and Linux systems.

  • It uses Zulip's REST APIs as its C2 server, bypassing traditional C2 detection methods.

  • The dropper shares similarities with malware used by the Vietnam-aligned hacking group OceanLotus (APT32).

Malicious Packages and Delivery Mechanism

The compromised packages, , , and , were designed to appear as useful libraries for developers. However, their true purpose was to stealthily install ZiChatBot. The package, in particular, was benign-looking but listed as a dependency, further concealing the malicious payload. These packages were active on PyPI for a short period before being removed.
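Because one of the packages was pulled in only as a dependency of another, a simple "is it installed?" check is not enough: an audit has to follow Requires-Dist edges to show which distribution dragged the package in. The script below is an added example (not the researchers' tooling or code from the original article); it uses only the standard library's importlib.metadata and the three package names reported above, and the `some-app` distribution in the usage comments is a constructed placeholder.

```python
"""Audit a Python environment for the three PyPI packages named in this report."""
from importlib import metadata
from typing import Dict, List, Tuple

# Package names from the report, normalised to PyPI form (lower case, '-' for '_').
REPORTED_PACKAGES = {"uuid32-utils", "colorinal", "termncolor"}


def normalize(name: str) -> str:
    return name.strip().lower().replace("_", "-")


def requirement_name(req: str) -> str:
    """Reduce a Requires-Dist string such as 'colorinal (>=0.1); extra == "x"' to 'colorinal'."""
    for sep in (" ", ";", "(", "[", "<", ">", "=", "!", "~"):
        req = req.split(sep, 1)[0]
    return normalize(req)


def audit(installed: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Return (reported_package, pulled_in_by) pairs, sorted by package name.

    `installed` maps a distribution name to its list of Requires-Dist strings.
    `pulled_in_by` is '' when nothing installed declares the package as a dependency,
    i.e. it was most likely installed directly.
    """
    present = {normalize(n): reqs for n, reqs in installed.items()}
    findings: List[Tuple[str, str]] = []
    for bad in sorted(REPORTED_PACKAGES & set(present)):
        parents = sorted(p for p, reqs in present.items()
                         if any(requirement_name(r) == bad for r in reqs))
        findings.extend((bad, p) for p in parents)
        if not parents:
            findings.append((bad, ""))
    return findings


def live_environment() -> Dict[str, List[str]]:
    """Collect name -> Requires-Dist for every distribution visible to this interpreter."""
    env: Dict[str, List[str]] = {}
    for dist in metadata.distributions():
        name = dist.metadata["Name"]
        if name:
            env[name] = list(dist.requires or [])
    return env


if __name__ == "__main__":
    # Example output if a constructed 'some-app' depended on uuid32-utils:
    #   reported package installed: uuid32-utils (dependency of some-app)
    for pkg, parent in audit(live_environment()):
        via = f" (dependency of {parent})" if parent else ""
        print(f"reported package installed: {pkg}{via}")
```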

ZiChatBot's Operation on Windows and Linux

On Windows systems, the installation of or leads to the extraction of a DLL dropper named . When the library is imported into a project, this DLL is loaded, deploying ZiChatBot and establishing persistence via the Windows Registry before self-deleting. For Linux, a shared object dropper () installs the malware in and sets up a crontab entry for persistence.

Regardless of the operating system, ZiChatBot executes shellcode received from its C2 server. A distinctive feature is its response mechanism: after executing a command, it sends a heart emoji back to the server to confirm successful operation.

Command and Control via Zulip

ZiChatBot's C2 infrastructure is a novel aspect of this attack. Instead of relying on dedicated servers, it communicates through REST APIs provided by Zulip, a public team chat application. This method allows the malware to blend in with legitimate network traffic, making detection significantly more challenging for security monitoring systems.

Potential Attribution and Broader Implications

Security researchers note that the dropper used in this campaign shares a notable similarity (64%) with droppers previously attributed to OceanLotus, a hacking group associated with Vietnam. This suggests a potential link to the group's evolving tactics, which include expanding their targeting scope beyond traditional methods to include supply chain attacks.

The discovery highlights the growing threat of supply chain attacks within the software development ecosystem. The compromise of widely used repositories like PyPI can have far-reaching consequences, impacting numerous downstream projects and developers. While the malicious packages have been removed from PyPI and the associated Zulip organization deactivated, this incident serves as a stark reminder of the need for continuous vigilance and robust security practices in software development.

