New ZiChatBot Malware Delivered via Malicious PyPI Packages
Cybersecurity researchers have uncovered a supply chain attack targeting **Python Package Index (PyPI)**, delivering a novel malware family dubbed **ZiChatBot**. The malware leverages the **Zulip** team chat app as its command-and-control (C2) infrastructure, evading traditional detection methods.

Cybersecurity researchers have discovered three packages on the **Python Package Index (PyPI)** repository that were designed to stealthily deliver a previously unknown malware family called **ZiChatBot** on Windows and Linux systems.
"While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files," **Kaspersky** said. "Unlike traditional malware, ZiChatBot does not communicate with a dedicated command-and-control (C2) server, but instead uses a series of REST APIs from the public team chat app **Zulip** as its C2 infrastructure."
### Malicious Packages
The activity has been described as a "carefully planned and executed PyPI supply chain attack" by the Russian cybersecurity company. The malicious packages, which have since been removed from PyPI, include:
* uuid32-utils (1,479 downloads)
* colorinal (614 downloads)
* termncolor (387 downloads)
These packages were uploaded between July 16 and 22, 2025. `uuid32-utils` and `colorinal` contain similar malicious payloads, while `termncolor` pulls `colorinal` in by listing it as a dependency.
### Infection Process
On Windows systems, installing either `uuid32-utils` or `colorinal` extracts a DLL dropper (`terminate.dll`) and writes it to disk. When the library is imported, the DLL loads and acts as a dropper for ZiChatBot. It then establishes an auto-run entry in the Windows Registry and deletes itself from the host.
The Linux version of the dropper, a shared object (`terminate.so`), plants the malware at `/tmp/obsHub/obs-check-update` and configures a crontab entry for persistence. Regardless of the operating system, ZiChatBot executes shellcode received over its Zulip-based C2 channel. After executing a received command, the malware posts a heart emoji as its response to signal to the operator that the operation succeeded.
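As an added example that is not part of the original report or of Kaspersky's tooling, the following Python triage helpers check a host for the indicators the article names: the three package names (matched after PEP 503 name normalisation), the dropper file names `terminate.dll` / `terminate.so`, and crontab lines that run the Linux payload path. The sample crontab is constructed for the self-check; `triage_local_env()` applies the same checks to the running interpreter's installed distributions.

```python
"""Host triage helpers for the ZiChatBot PyPI campaign (added example).

Indicators come only from the article: the three package names, the dropper
file names and the Linux payload path. SAMPLE_CRONTAB is constructed data.
"""
import re
from importlib import metadata
from typing import Iterable

MALICIOUS_DISTS = {"uuid32-utils", "colorinal", "termncolor"}
DROPPER_NAMES = {"terminate.dll", "terminate.so"}
LINUX_PAYLOAD_PATH = "/tmp/obsHub/obs-check-update"

# Constructed sample crontab (not real data) for the self-check in __main__.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/updatedb
# @reboot /tmp/obsHub/obs-check-update   (commented out, so not active)
*/10 * * * * /tmp/obsHub/obs-check-update >/dev/null 2>&1
"""

def normalize(name: str) -> str:
    """PEP 503 normalisation so 'UUID32_utils' matches 'uuid32-utils'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def find_malicious_dists(names: Iterable[str]) -> set[str]:
    """Return the given distribution names that match the campaign's packages."""
    return {n for n in names if normalize(n) in MALICIOUS_DISTS}

def find_crontab_persistence(crontab_text: str) -> list[str]:
    """Return active (uncommented) crontab lines that run the Linux payload path."""
    return [ln for ln in crontab_text.splitlines()
            if LINUX_PAYLOAD_PATH in ln and not ln.lstrip().startswith("#")]

def find_droppers(paths: Iterable[str]) -> list[str]:
    """Return paths whose basename (POSIX or Windows separators) is a dropper name."""
    return [p for p in paths if re.split(r"[\\/]", p)[-1].lower() in DROPPER_NAMES]

def triage_local_env() -> dict:
    """Apply the package and dropper checks to the running interpreter's site-packages."""
    dists = list(metadata.distributions())
    names = [d.metadata.get("Name") or "" for d in dists]
    files = [str(d.locate_file(f)) for d in dists for f in (d.files or [])]
    return {"packages": find_malicious_dists(names), "droppers": find_droppers(files)}

if __name__ == "__main__":
    print("cron hits in sample:", find_crontab_persistence(SAMPLE_CRONTAB))
    print("local environment:", triage_local_env())
```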
### Attribution
The actor behind this campaign remains unclear. However, **Kaspersky** notes a "64% similarity" between the dropper and another dropper used by **OceanLotus** (aka APT32), a Vietnam-aligned hacking group.
In late 2024, **OceanLotus** was observed targeting the Chinese cybersecurity community with poisoned Visual Studio Code projects masquerading as Cobalt Strike plugins. This attack delivered a trojan that used the Notion note-taking service as its C2, according to **ThreatBook**.
**Kaspersky** suggests that this PyPI supply chain campaign, if attributed to **OceanLotus**, indicates an expansion of the threat actor's targeting scope.
"Although phishing emails are still a common initial infection method for OceanLotus, the group is also actively exploring new ways to compromise victims through diverse supply chain attacks," they stated.