PyPI Packages Deliver ZiChatBot Malware via Zulip APIs

"While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files," Kaspersky said.

Kaspersky's finding: PyPI wheels delivered a new malware family via Zulip APIs

Cybersecurity researchers at Kaspersky reported that three Python wheel packages published to the Python Package Index (PyPI) were used to deliver a previously unknown malware family the company has named ZiChatBot. According to Kaspersky, the packages appeared to provide legitimate functionality but covertly dropped malicious components. Rather than using a dedicated command-and-control (C2) server, the malware family relies on a series of public REST APIs provided by the team chat application Zulip to receive instructions.

The three packages, timing, and distribution footprint

Kaspersky identified three packages that were uploaded to PyPI in a short window between July 16 and July 22, 2025. The packages — uuid32-utils, colorinal, and termncolor — have since been removed from the repository. Downloads recorded before takedown were 1,479 for uuid32-utils, 614 for colorinal, and 387 for termncolor. Kaspersky noted that uuid32-utils and colorinal carried similar malicious payloads, while termncolor was a benign-looking package that declared colorinal as a dependency, creating a chain that could pull in the malicious code when the dependency was installed.

How ZiChatBot deploys on Windows and Linux

Kaspersky's technical description separates behavior by operating system but highlights common design goals. On Windows, the malicious wheels extract a dynamic-link library named "terminate.dll" and write it to disk; when the library is imported into a project, the DLL is loaded and acts as a dropper for ZiChatBot. The dropper creates an auto-run entry in the Windows Registry and then deletes itself from the host, so the infection persists while obvious on-disk artifacts are removed.

On Linux systems, the shared object dropper — "terminate.so" — installs the malware under the path "/tmp/obsHub/obs-check-update" and creates a crontab entry to maintain execution. Across both platforms ZiChatBot is designed to receive shellcode via its Zulip-based C2 traffic, execute the received commands, and then send a heart emoji as the success signal confirming the operation was completed.

Similarity to OceanLotus tooling and earlier supply-chain experiments

Kaspersky reported the dropper used in this campaign shares "64% similarity" with another dropper previously attributed to a Vietnam-aligned hacking group known as OceanLotus (aka APT32). Kaspersky did not assert definitive attribution, saying only that exact responsibility for this PyPI supply-chain campaign is not clear. The company further observed this pattern would be consistent with OceanLotus’s prior experimentation with supply-chain delivery mechanisms: in late 2024 the group was observed targeting the Chinese cybersecurity community with poisoned Visual Studio Code projects that masqueraded as Cobalt Strike plugins and delivered a trojan executed automatically when the project was compiled. That operation used the Notion note-taking service for C2, according to an analysis from ThreatBook.

What this means for technologists, open-source maintainers, and defenders

  • Technologists and security teams: The campaign demonstrates a supply-chain vector that leverages legitimate package functionality and public collaboration APIs (Zulip). Teams should be alert to unexpected dependencies and to runtime behaviors that drop native libraries or create autostart entries.
  • Open-source maintainers and package consumers: The use of a benign-looking package (termncolor) that depended on a malicious package underscores dependency-chain risk. Maintainership processes that include dependency review, provenance checks, and tight CI controls can reduce the chance a malicious wheel is pulled into production.
  • Enterprise defenders and procurement leaders: The cross-platform nature of the dropper — terminate.dll on Windows and terminate.so on Linux — and the use of non-traditional C2 (public Zulip APIs) indicate that defenders must monitor for unusual outbound use of collaboration platforms and for indicators such as unexpected registry autoruns, crontab entries, and creation of files in paths like /tmp/obsHub/obs-check-update.
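The host-side checks the bullets above call for, as an added example that is not part of Kaspersky's report or the article: the package names, the Linux drop path and the dropper library names come from the text, while the `pip freeze` output, dependency metadata, crontab and wheel RECORD listing are constructed sample inputs.

```python
import re

# Indicators taken from the article; every sample input below is constructed.
KNOWN_PACKAGES = {"uuid32-utils", "colorinal", "termncolor"}
LINUX_DROP_PATH = "/tmp/obsHub/obs-check-update"
DROPPER_LIBS = {"terminate.dll", "terminate.so"}

def normalize(name: str) -> str:
    """PEP 503 normalisation so 'uuid32_utils' and 'Uuid32-Utils' match the list."""
    return re.sub(r"[-_.]+", "-", name).lower()

def dist_name(spec: str) -> str:
    """Normalised distribution name from 'Pkg_Name>=1.0' style requirement text."""
    return normalize(re.split(r"[=<>!~ @;\[]", spec.strip(), maxsplit=1)[0])

def check_pip_freeze(freeze_output: str) -> list[str]:
    """Lines of `pip freeze` output that name one of the three packages."""
    return [dist_name(l) for l in freeze_output.splitlines()
            if l.strip() and dist_name(l) in KNOWN_PACKAGES]

def check_dependency_chain(requires: dict[str, list[str]]) -> list[tuple[str, str]]:
    """(package, dependency) pairs where an installed package pulls in a known name,
    i.e. the termncolor -> colorinal chain. `requires` maps a distribution to its
    Requires-Dist entries (constructed here; no live pip metadata is read)."""
    return [(dist_name(pkg), dist_name(dep)) for pkg, deps in requires.items()
            for dep in deps if dist_name(dep) in KNOWN_PACKAGES]

def check_crontab(crontab_text: str) -> list[str]:
    """Non-comment crontab lines that reference the Linux drop path."""
    return [l for l in crontab_text.splitlines()
            if LINUX_DROP_PATH in l and not l.lstrip().startswith("#")]

def check_package_files(file_list: list[str]) -> list[str]:
    """Entries of a wheel's RECORD (or an on-disk listing) named like the droppers."""
    return [f for f in file_list if f.rsplit("/", 1)[-1].lower() in DROPPER_LIBS]

# Constructed sample host data.
SAMPLE_FREEZE = "requests==2.32.0\nuuid32_utils==0.1.0\nnumpy==1.26.4\n"
SAMPLE_REQUIRES = {"termncolor": ["colorinal>=0.1"], "requests": ["urllib3", "idna"]}
SAMPLE_CRONTAB = "# m h dom mon dow command\n@reboot /tmp/obsHub/obs-check-update\n0 3 * * * /usr/bin/backup.sh\n"
SAMPLE_RECORD = ["colorinal/__init__.py", "colorinal/terminate.so", "colorinal/colors.py"]

def run_checks() -> dict[str, list]:
    return {
        "packages": check_pip_freeze(SAMPLE_FREEZE),
        "dependency_chain": check_dependency_chain(SAMPLE_REQUIRES),
        "crontab": check_crontab(SAMPLE_CRONTAB),
        "dropper_files": check_package_files(SAMPLE_RECORD),
    }
```

Swap the constructed samples for real `pip freeze` output, `crontab -l` output and the RECORD files under site-packages; an empty list from every check means none of the article's indicators were found on that host.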

The PyPI campaign described by Kaspersky is characterized in its own terms as a "carefully planned and executed PyPI supply chain attack." Who exactly is behind it remains unresolved in the reporting; Kaspersky’s note of a 64% tool similarity to previously seen OceanLotus droppers invites scrutiny but stops short of firm attribution. What is clear from the published analysis is the blending of familiar supply-chain techniques with unconventional command channels — a combination that both expands the attack surface and complicates detection paradigms.

Read the original Kaspersky-based report at The Hacker News: https://thehackernews.com/2026/05/pypi-packages-deliver-zichatbot-malware.html