{"id":837,"date":"2026-05-07T09:41:58","date_gmt":"2026-05-07T09:41:58","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=837"},"modified":"2026-05-07T09:41:58","modified_gmt":"2026-05-07T09:41:58","slug":"pypi-packages-deliver-zichatbot-malware-via-zulip-apis-on-windows-and-linux","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=837","title":{"rendered":"PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">May 07, 2026<\/span><\/span><span class=\"p-tags\">Malware \/ Threat Intelligence<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called\u00a0<b>ZiChatBot <\/b>on Windows and Linux systems.<\/p>\n<p>\u00abWhile these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files,\u00bb Kaspersky\u00a0<a href=\"https:\/\/securelist.com\/oceanlotus-suspected-pypi-zichatbot-campaign\/119603\/\">said<\/a>.
\u00abUnlike traditional malware, ZiChatBot does not communicate with a dedicated command-and-control (C2) server, but instead uses a series of REST APIs from the public team chat app <b>Zulip <\/b>as its C2 infrastructure.\u00bb<\/p>\n<p>The activity has been described as a \u00abcarefully planned and executed PyPI supply chain attack\u00bb by the Russian cybersecurity company. The names of the packages, which have since been taken down, are listed below &#8211;<\/p>\n<ul>\n<li>uuid32-utils (1,479 downloads)<\/li>\n<li>colorinal (614 downloads)<\/li>\n<li>termncolor (387 downloads)<\/li>\n<\/ul>\n<p>All three packages were uploaded to PyPI during a short window between July 16 and 22, 2025. While uuid32-utils and colorinal make use of similar malicious payloads, termncolor is a benign-looking package that lists colorinal as a dependency.<\/p>\n<p>On Windows systems, once either of the first two packages is installed, the malicious code extracts a DLL dropper (\u00abterminate.dll\u00bb) and writes it to disk.
At the time the library is imported into a project, the DLL is loaded, acting as a dropper for ZiChatBot, after which it establishes an auto-run entry in the Windows Registry, and runs code to delete itself from the host.<\/p>\n<p>The Linux version of the shared object dropper (\u00abterminate.so\u00bb) plants the malware in the \u00ab\/tmp\/obsHub\/obs-check-update\u00bb path and configures a crontab entry. Regardless of the operating system it&#8217;s running on, ZiChatBot is designed to execute shellcode received from its C2 server. After executing the command, the malware sends a heart emoji as a response to signal the server that the operation was successful.<\/p>\n<p>Exactly who is behind the campaign is not clear. However, Kaspersky said the dropper shares a \u00ab64% similarity\u00bb to another dropper used by a Vietnam-aligned hacking group named OceanLotus (aka APT32).<\/p>\n<p>In late 2024, the threat actor was <a href=\"https:\/\/web.archive.org\/web\/20250410004812\/https:\/\/threatbook.io\/blog\/id\/1100\">observed<\/a> targeting the Chinese cybersecurity community with poisoned Visual Studio Code projects masquerading as Cobalt Strike plugins to deliver a trojan that&#8217;s executed automatically when the project is compiled. 
The malware uses the Notion note-taking service as C2, per an analysis from ThreatBook.<\/p>\n<p>Kaspersky pointed out that if the PyPI supply chain campaign is indeed the work of OceanLotus, it represents the threat actor&#8217;s strategy to expand its targeting scope.<\/p>\n<p>\u00abAlthough phishing emails are still a common initial infection method for OceanLotus, the group is also actively exploring new ways to compromise victims through diverse supply chain attacks,\u00bb it said.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802May 07, 2026Malware \/ Threat Intelligence Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware&hellip;<\/p>\n","protected":false},"author":1,"featured_media":838,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[1557,529,181,42,35,934,307,1555,1556],"class_list":["post-837","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-apis","tag-deliver","tag-linux","tag-malware","tag-packages","tag-pypi","tag-windows","tag-zichatbot","tag-zulip"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/837","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=837"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/837\/revisions"}],"wp:f
eaturedmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/838"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=837"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=837"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=837"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}