Close Menu
    What's Hot

    Bastille Day party turns sour in Brussels – Live Updates

    Trump Scraps 20 Percent Strait of Hormuz Toll for Gulf Investment Deals

    M.P. Evans Group PLC (MPEVF) Discusses Responsible Production and Pricing Dynamics in Palm Oil Industry Transcript

    Facebook X (Twitter) Instagram
    Trending
    • Bastille Day party turns sour in Brussels – Live Updates
    • Trump Scraps 20 Percent Strait of Hormuz Toll for Gulf Investment Deals
    • M.P. Evans Group PLC (MPEVF) Discusses Responsible Production and Pricing Dynamics in Palm Oil Industry Transcript
    • France 0 – 2 Spain
    • Helping AI models to meet the real world | MIT News
    • Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack
    • No More Trips to Walgreens? State Department Teases…
    • French and Spanish parties – Live Updates
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

    adminBy adminMay 7, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Ravie LakshmananMay 07, 2026Malware / Threat Intelligence

    PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

    Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems.

    “While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files,” Kaspersky said. “Unlike traditional malware, ZiChatBot does not communicate with a dedicated command-and-control (C2) server, but instead uses a series of REST APIs from the public team chat app Zulip as its C2 infrastructure.”

    The activity has been described as a “carefully planned and executed PyPI supply chain attack” by the Russian cybersecurity company. The names of the packages, which have since been taken down, are listed below –

    • uuid32-utils (1,479 downloads)
    • colorinal (614 downloads)
    • termncolor (387 downloads)

    All three packages were uploaded to PyPI during a short window between July 16 and 22, 2025. While uuid32-utils and colorinal make use of similar malicious payloads, termncolor is a benign-looking package that lists colorinal as a dependency.

    Cybersecurity

    On Windows systems, once any of the first two packages is installed, the malicious code extracts a DLL dropper (“terminate.dll”) and write it to disk. At the time the library is imported into a project, the DLL is loaded, acting as a dropper for ZiChatBot, after which it establishes an auto-run entry in the Windows Registry, and runs code to delete itself from the host.

    The Linux version of the shared object dropper (“terminate.so”) plants the malware in the “/tmp/obsHub/obs-check-update” path and configures a crontab entry. Regardless of the operating system it’s running on, ZiChatBot is designed to execute shellcode received from its C2 server. After executing the command, the malware sends a heart emoji as a response to signal the server that the operation was successful.

    Exactly who is behind the campaign is not clear. However, Kaspersky said the dropper shares a “64% similarity” to another dropper used by a Vietnam-aligned hacking group named OceanLotus (aka APT32).

    In late 2024, the threat actor was observed targeting the Chinese cybersecurity community with poisoned Visual Studio Code projects masquerading as Cobalt Strike plugins to deliver a trojan that’s executed automatically when the project is compiled. The malware uses the Notion note-taking service as C2, per an analysis from ThreatBook.

    Kaspersky pointed out that if the PyPI supply chain campaign is indeed the work of OceanLotus, it represents the threat actor’s strategy to expand its targeting scope.

    “Although phishing emails are still a common initial infection method for OceanLotus, the group is also actively exploring new ways to compromise victims through diverse supply chain attacks,” it said.

    APIs Deliver Linux Malware Packages PyPI Windows ZiChatBot Zulip
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticleRetracing Henry Knox’s Revolutionary War Trek Across the Wilderness
    Next Article There Is No Evidence the Trump Assassination Attempts Were Staged. People Still Believe They Were
    admin
    • Website

    Related Posts

    Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

    July 14, 2026

    Microsoft Patches a Record 570 Security Flaws – Krebs on Security

    July 14, 2026

    SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data

    July 14, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    Bastille Day party turns sour in Brussels – Live Updates

    Trump Scraps 20 Percent Strait of Hormuz Toll for Gulf Investment Deals

    M.P. Evans Group PLC (MPEVF) Discusses Responsible Production and Pricing Dynamics in Palm Oil Industry Transcript

    France 0 – 2 Spain

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by