Full Report
Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. "While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files," Kaspersky
Analysis Summary
# Tool/Technique: ZiChatBot
## Overview
ZiChatBot is a sophisticated, cross-platform malware family discovered in 2026 that targets Windows and Linux systems through a Python Package Index (PyPI) supply chain attack. Its most distinctive feature is the use of the **Zulip** team chat application's REST APIs for Command and Control (C2) communication, rather than a traditional dedicated server. This allows it to blend into legitimate enterprise network traffic.
## Technical Details
- **Type**: Malware family (Trojan)
- **Platform**: Windows, Linux
- **Capabilities**: Shellcode execution, automated persistence, supply chain delivery, legitimate API abuse (C2)
- **First Seen**: July 2025 (Initial PyPI uploads); Reported May 2026
## MITRE ATT&CK Mapping
- **TA0001 - Initial Access**
  - T1195.002 - Supply Chain Compromise: Compromise Software Dependencies
- **TA0003 - Persistence**
  - T1547.001 - Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder
  - T1053.003 - Scheduled Task/Job: Cron
- **TA0005 - Defense Evasion**
  - T1070.004 - Indicator Removal: File Deletion
  - T1140 - Deobfuscation/Decoding of Files or Information
- **TA0011 - Command and Control**
  - T1102.002 - Web Service: Bidirectional Communication (Abuse of Zulip API)
  - T1071.001 - Application Layer Protocol: Web Protocols
## Functionality
### Core Capabilities
- **Supply Chain Injection**: Distributed via malicious PyPI packages (`uuid32-utils`, `colorinal`, `termncolor`) that perform advertised functions to avoid immediate suspicion.
- **Dropper Mechanism**: Uses OS-specific shared libraries (`terminate.dll` for Windows, `terminate.so` for Linux) to extract and install the final payload.
- **Cross-Platform Delivery**: Automates persistence according to the host OS: it modifies the Windows Registry on Windows and creates crontab entries on Linux.
### Advanced Features
- **Legitimate Service Abuse (C2)**: Instead of reaching out to a suspicious IP, the malware uses Zulip's REST APIs to receive commands (shellcode).
- **Non-Standard Exfiltration/Status**: Uses emojis (e.g., a "heart" emoji) in chat responses to signal successful command execution to the threat actor.
- **Self-Cleaning**: The Windows dropper library includes code to delete itself from the disk after successfully initiating the primary payload.
## Indicators of Compromise
- **File Names**:
  - `terminate.dll` (Windows Dropper)
  - `terminate.so` (Linux Dropper)
  - `/tmp/obsHub/obs-check-update` (Linux payload path)
- **PyPI Packages**:
  - `uuid32-utils`
  - `colorinal`
  - `termncolor`
- **Registry Keys**: Windows Auto-run/Run keys used for persistence (specific key names not provided in the report).
- **Network Indicators**:
  - API calls to `zulip[.]com` or self-hosted Zulip instances.
- **Behavioral Indicators**:
  - Unexplained `pip install` activity for unknown or unverified utilities.
  - Creation of hidden directories in `/tmp/` on Linux.
  - Unexpected shell/terminal processes spawned by the Python interpreter.
## Associated Threat Actors
- **OceanLotus (APT32)**: Highly suspected due to 64% code similarity in the dropper and previous history of mimicking third-party services (like Notion) for C2 infrastructure.
## Detection Methods
- **Signature-based detection**: Scanning for the `terminate.dll/so` files and specific PyPI package names.
- **Behavioral detection**:
  - Monitoring for Python processes reaching out to Zulip APIs if Zulip is not an authorized tool in the environment.
  - Detection of Registry/Crontab modifications originating from Python scripts.
- **Integrity Checking**: Verifying hashes of installed Python site-packages against known clean versions.
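The signature and behavioural checks listed above, written out as an added example (not Kaspersky's code or anything from the report): the package names, dropper file names and Linux payload path come from this page, while the JSON event schema, the sample events and the `ZULIP_HOST_SUFFIXES` list are constructed assumptions you would replace with your own telemetry format and Zulip hosts.

```python
import importlib.metadata
import json

MALICIOUS_PACKAGES = {"uuid32-utils", "colorinal", "termncolor"}  # package names from the report
DROPPER_FILES = {"terminate.dll", "terminate.so"}                 # dropper libraries from the report
SHELLS = {"cmd.exe", "sh", "bash", "crontab"}                     # children a Python parent should rarely spawn
ZULIP_HOST_SUFFIXES = ("zulip.com",)                              # assumption: add your self-hosted Zulip hosts

def basename(path):
    """Last path component, lower-cased, accepting Windows or POSIX separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def scan_installed(dists=None):
    """Flag known-bad distribution names and dropper files; `dists` is an iterable of
    (name, [file paths]) and defaults to the live environment's installed packages."""
    if dists is None:
        dists = ((d.metadata.get("Name", ""), [str(f) for f in d.files or []])
                 for d in importlib.metadata.distributions())
    findings = []
    for name, files in dists:
        if name.lower().replace("_", "-") in MALICIOUS_PACKAGES:   # normalise like pip does
            findings.append(f"known-malicious package installed: {name}")
        findings += [f"dropper file {f} shipped by {name}"
                     for f in files if basename(f) in DROPPER_FILES]
    return findings

def flag_events(lines):
    """Apply the report's behavioural indicators to JSON event lines (constructed schema:
    type, image, parent_image, dest_host, target). Returns a list of (rule, line_no)."""
    hits = []
    for n, line in enumerate(lines, 1):
        ev = json.loads(line)
        image, parent = basename(ev.get("image", "")), basename(ev.get("parent_image", ""))
        target, host = ev.get("target", ""), ev.get("dest_host", "").lower()
        if ev["type"] == "process" and parent.startswith("python") and image in SHELLS:
            hits.append(("python_spawned_shell_or_crontab", n))
        if ev["type"] == "network" and image.startswith("python") and host.endswith(ZULIP_HOST_SUFFIXES):
            hits.append(("python_to_zulip_api", n))
        if ev["type"] == "registry" and image.startswith("python") and "\\currentversion\\run" in target.lower():
            hits.append(("python_sets_run_key", n))
        if ev["type"] == "file" and target.startswith("/tmp/obsHub/"):
            hits.append(("linux_payload_path", n))
    return hits

# Constructed sample events (not real telemetry): one per rule, plus a benign shell spawn.
SAMPLE_EVENTS = [
    r'{"type":"process","image":"C:\\Windows\\System32\\cmd.exe","parent_image":"C:\\Python312\\python.exe"}',
    r'{"type":"network","image":"/usr/bin/python3","dest_host":"acme.zulip.com"}',
    r'{"type":"registry","image":"C:\\Python312\\python.exe","target":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\obs"}',
    r'{"type":"file","image":"/usr/bin/python3","target":"/tmp/obsHub/obs-check-update"}',
    r'{"type":"process","image":"/bin/sh","parent_image":"/usr/bin/bash"}',
]
```

Running `scan_installed()` with no argument inspects the current interpreter's site-packages; the Zulip rule only fires when Python is not an authorised Zulip client in your environment, so tune the suffix list before deploying it.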
## Mitigation Strategies
- **Supply Chain Hardening**: Use internal PyPI mirrors (like Artifactory) to host vetted/approved packages only.
- **Dependency Pinning**: Pin each dependency in `requirements.txt` together with its SHA-256 hash, so that the installer rejects any package whose contents do not match the recorded hash and the environment cannot be silently swapped for a tampered build.
- **Network Segmentation**: Restrict developer workstation access to known-good repositories and block unauthorized collaboration APIs if not in use.
- **Endpoint Protection**: Use EDR tools to monitor for suspicious child processes (e.g., Python spawning `cmd.exe` or `/bin/sh`).
## Related Tools/Techniques
- **Cobalt Strike**: Used by OceanLotus in related campaigns.
- **Notion as C2**: A similar technique previously employed by the same threat actor to hide traffic.
- **Typosquatting/Dependency Confusion**: Related supply chain methods used to distribute malware via package managers.