Skip to main content

Tag: zichatbot malware

2 articles

Laptop screen displays PyPI webpage with developer workspace and team chat app in background.

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs

Malicious Python packages on PyPI were found to be secretly delivering a new malware called ZiChatBot, which uses Zulip APIs to receive instructions. These seemingly harmless packages covertly dropped malicious components, highlighting the importance of vigilance when downloading code from public repositories.

Analyst 207
Software development environment with laptop, PyPI webpage, and tools on a cluttered desk near a window.

OceanLotus Exploits PyPI to Deliver ZiChatBot Malware

Kaspersky's analysis uncovered a sneaky malware attack on PyPI, where OceanLotus hackers uploaded fake packages that looked like harmless libraries, tricking users into installing the ZiChatBot malware. The malicious packages, uploaded in July 2025, masqueraded as legitimate tools like uuid32-utils, colorinal, and termncolor.

Analyst 207