Malicious PyPI Packages Discovered Delivering New ZiChatBot Malware on Windows and Linux Systems

Cybersecurity researchers have uncovered a new supply chain attack involving malicious packages uploaded to the Python Package Index (PyPI) repository that secretly install a previously undocumented malware strain called ZiChatBot on both Windows and Linux devices.

According to researchers at Kaspersky, the packages appeared legitimate on the surface and even included the advertised functionality described on their PyPI pages. However, hidden inside the packages was malicious code designed to deploy malware quietly in the background.

Unlike many traditional malware operations that rely on dedicated command-and-control infrastructure, ZiChatBot uses the public team messaging platform Zulip as its communication channel. Researchers said the malware interacts with Zulip through its REST APIs, letting attackers control infected systems while the traffic blends in with ordinary HTTPS requests to a legitimate SaaS service. That is also the practical caveat for defenders: in an organization that does not use Zulip, outbound connections to Zulip API endpoints from developer workstations or build hosts are worth investigating on their own.

Security analysts described the campaign as a well-organized PyPI supply chain attack aimed at developers, using poisoned Python packages to reach both Linux and Windows environments.

The malicious packages identified in the campaign included:

  • uuid32-utils
  • colorinal
  • termncolor

Before removal from PyPI, the packages collectively received thousands of downloads. Investigators found that the packages were uploaded within a short period between July 16 and July 22, 2025.

Researchers said uuid32-utils and colorinal contained similar malicious payloads, while termncolor carried no payload of its own: it pulled in colorinal as a dependency, so installing termncolor indirectly installed the malicious code.

On Windows systems, installing one of the infected packages extracts a malicious DLL named “terminate.dll.” When the package is imported into a project, the DLL is loaded automatically and deploys the ZiChatBot malware. The malware then establishes persistence through Windows Registry auto-run entries before attempting to remove traces of itself from the compromised machine.

Linux systems are targeted through a shared object dropper called “terminate.so.” The malware installs itself under the path “/tmp/obsHub/obs-check-update” and establishes persistence using cron jobs. A binary launched from /tmp by a cron entry is unusual on its own and is a useful hunting signal even without the exact path.

After successful installation, ZiChatBot can receive shellcode from its operators and execute commands on infected systems. Researchers noted that after a command completes successfully, the malware posts a heart emoji back to the Zulip channel as an acknowledgement to its operators.
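As an added example (this is not code from Kaspersky, PyPI or the article), the following offline triage script turns the indicators above into checks a developer or incident responder can run: it flags the three package names in a requirements or pip freeze listing, walks a site-packages tree for files named terminate.dll or terminate.so, and flags cron entries that run the reported Linux install path or anything else under /tmp. The function names and the sample requirements, crontab and directory layout are constructed for the demonstration; only the package names, file names and install path come from the article.

```python
"""Offline triage checks for the ZiChatBot PyPI campaign.

Added example, not Kaspersky's, PyPI's or the article's code. The
indicators (package names, dropper file names, Linux install path) are
taken from the report; function names and sample data are constructed.
"""
import os
import re
import tempfile
from pathlib import Path

# Indicators from the article. Package names are stored in PEP 503
# normalized form so that "Colorinal" or "uuid32_utils" still match.
MALICIOUS_PACKAGES = {"uuid32-utils", "colorinal", "termncolor"}
DROPPER_FILENAMES = {"terminate.dll", "terminate.so"}
LINUX_INSTALL_PATH = "/tmp/obsHub/obs-check-update"

# Leading project name of a requirements line (before extras or a version spec).
_REQ_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def normalize(name: str) -> str:
    """PEP 503 name normalization: case-fold and collapse runs of -, _ and . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def find_malicious_requirements(requirements_text: str) -> list[str]:
    """Return the names (as written) from a requirements/freeze listing that match the campaign."""
    hits = []
    for line in requirements_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line or line.startswith("-"):      # skip blanks and pip options (-r, -e, ...)
            continue
        m = _REQ_RE.match(line)
        if m and normalize(m.group(1)) in MALICIOUS_PACKAGES:
            hits.append(m.group(1))
    return hits


def find_dropper_files(root: str) -> list[str]:
    """Walk an environment (e.g. site-packages) and return paths whose basename is a known dropper name."""
    found = []
    for dirpath, _, filenames in os.walk(root):
        for fn in filenames:
            if fn.lower() in DROPPER_FILENAMES:
                found.append(os.path.join(dirpath, fn))
    return sorted(found)


def find_suspicious_cron_lines(crontab_text: str) -> list[str]:
    """Flag crontab lines that execute the reported install path or any command under /tmp."""
    flagged = []
    for line in crontab_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if LINUX_INSTALL_PATH in stripped or re.search(r"(^|\s)/tmp/", stripped):
            flagged.append(stripped)
    return flagged


def demo() -> dict:
    """Run the three checks against constructed sample data and return the findings."""
    # Constructed requirements listing: two hits written in non-normalized form.
    requirements = (
        "requests==2.32.3\n"
        "Colorinal>=1.0  # constructed sample\n"
        "uuid32_utils\n"
        "numpy\n"
    )
    # Constructed crontab: one benign job, one job launching the reported /tmp path.
    crontab = (
        "# m h dom mon dow command\n"
        "0 3 * * * /usr/bin/backup.sh\n"
        "*/10 * * * * /tmp/obsHub/obs-check-update\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for an installed package shipping the Linux dropper.
        pkg = Path(tmp) / "site-packages" / "colorinal"
        pkg.mkdir(parents=True)
        (pkg / "__init__.py").write_text("# constructed stand-in\n")
        (pkg / "terminate.so").write_bytes(b"")
        (pkg / "unrelated.so").write_bytes(b"")   # a normal extension, must not be flagged
        files = [Path(p).relative_to(tmp).as_posix() for p in find_dropper_files(tmp)]
    return {
        "packages": find_malicious_requirements(requirements),
        "dropper_files": files,
        "cron": find_suspicious_cron_lines(crontab),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Point `find_dropper_files` at a real interpreter's site-packages and feed `find_malicious_requirements` the output of `pip freeze` to use it outside the demo; the cron check is deliberately broader than the single reported path because a scheduled job that executes anything under /tmp is worth a look regardless of this campaign.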

Attribution for the campaign remains uncertain, but Kaspersky researchers said the dropper shares approximately 64% similarity with malware previously linked to the Vietnam-associated threat group OceanLotus, also known as APT32.

OceanLotus has been connected to several advanced cyber espionage operations over the years. In late 2024, the group reportedly targeted members of the Chinese cybersecurity community using malicious Visual Studio Code projects disguised as Cobalt Strike plugins. Those attacks leveraged the Notion platform as part of their command-and-control infrastructure.

Researchers believe the latest PyPI campaign could signal a broader shift in tactics for the group, showing increased interest in software supply chain attacks as an alternative to traditional phishing campaigns.

Security experts continue to warn developers and organizations to carefully review third-party packages before installation, especially open-source dependencies downloaded from public repositories. Supply chain attacks targeting developer ecosystems have become increasingly common because they allow attackers to compromise victims indirectly through trusted software components.
