Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems.
"While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files," Kaspersky said. "Unlike traditional malware, ZiChatBot does not communicate with a dedicated command-and-control (C2) server, but instead uses a series of REST APIs from the public team chat app Zulip as its C2 infrastructure."
The activity has been described as a "carefully planned and executed PyPI supply chain attack" by the Russian cybersecurity company. The names of the packages, which have since been taken down, are listed below -
- uuid32-utils (1,479 downloads)
- colorinal (614 downloads)
- termncolor (387 downloads)
All three packages were uploaded to PyPI during a short window between July 16 and 22, 2025. While uuid32-utils and colorinal make use of similar malicious payloads, termncolor is a benign-looking package that lists colorinal as a dependency.
On Windows systems, once any of the first two packages is installed, the malicious code extracts a DLL dropper ("terminate.dll") and write it to disk. At the time the library is imported into a project, the DLL is loaded, acting as a dropper for ZiChatBot, after which it establishes an auto-run entry in the Windows Registry, and runs code to delete itself from the host.
The Linux version of the shared object dropper ("terminate.so") plants the malware in the "/tmp/obsHub/obs-check-update" path and configures a crontab entry. Regardless of the operating system it's running on, ZiChatBot is designed to execute shellcode received from its C2 server. After executing the command, the malware sends a heart emoji as a response to signal the server that the operation was successful.
Exactly who is behind the campaign is not clear. However, Kaspersky said the dropper shares a "64% similarity" to another dropper used by a Vietnam-aligned hacking group named OceanLotus (aka APT32).
In late 2024, the threat actor was observed targeting the Chinese cybersecurity community with poisoned Visual Studio Code projects masquerading as Cobalt Strike plugins to deliver a trojan that's executed automatically when the project is compiled. The malware uses the Notion note-taking service as C2, per an analysis from ThreatBook.
Kaspersky pointed out that if the PyPI supply chain campaign is indeed the work of OceanLotus, it represents the threat actor's strategy to expand its targeting scope.
"Although phishing emails are still a common initial infection method for OceanLotus, the group is also actively exploring new ways to compromise victims through diverse supply chain attacks," it said.
