Three PyPI packages drop ZiChatBot malware that uses Zulip chat APIs as C2
Original source: PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux (The Hacker News)
Kaspersky uncovered three malicious PyPI packages — uuid32-utils, colorinal, and termncolor — uploaded in a one-week window in July 2025 and collectively pulled down roughly 2,500 times before takedown. The packages deliver a previously unknown malware family dubbed ZiChatBot, which abandons traditional dedicated C2 infrastructure in favor of Zulip’s public team-chat REST APIs to receive commands and exfiltrate results, blending malicious traffic into legitimate SaaS flows.
The loaders are cross-platform: on Windows a bundled terminate.dll drops the payload, sets a Run-key autostart, and self-deletes; on Linux a terminate.so variant stages the binary under /tmp/obsHub/ and installs a crontab entry. ZiChatBot’s main job is to execute shellcode pushed from the operators, acknowledging successful runs with a heart emoji reply on Zulip. termncolor itself is benign but pulls in the malicious colorinal as a dependency — a classic dependency-confusion-style relay.
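The relay described above (a benign-looking package that is dangerous only because of what it pulls in) is the case a flat name check misses. The audit below is an added example, not code from Kaspersky or The Hacker News: it parses a requirements file, walks the dependency graph from the listed roots, and reports the path by which any package named in the report was reached, plus a crontab check for the Linux staging directory. The graph is assumed to be a plain name-to-requirements mapping; the sample requirements, graph and crontab are constructed for the demonstration, and `environment_graph()` is a hypothetical helper that builds the same mapping for the running interpreter from `importlib.metadata`.

```python
"""Audit a Python environment for the PyPI packages named in the ZiChatBot report.

Added example, not code from Kaspersky or The Hacker News. It walks a package
dependency graph so that a top-level install that looks harmless (termncolor) is
flagged when it transitively pulls in a malicious dependency (colorinal).
"""
from __future__ import annotations

import re
from collections import deque

# Package names taken from the report, in PEP 503 normalised form.
BAD_PACKAGES = {"uuid32-utils", "colorinal", "termncolor"}
# Linux staging directory named in the report.
LINUX_STAGING_DIR = "/tmp/obsHub/"


def normalize(name: str) -> str:
    """PEP 503 normalisation: case-fold and collapse runs of '-', '_' and '.'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def requirement_name(req: str) -> str:
    """Distribution name from a requirement string.

    Handles 'colorinal', 'Colorinal>=1.0' and 'colorinal[x]; python_version>"3"'.
    """
    m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", req)
    if not m:
        raise ValueError(f"unparseable requirement: {req!r}")
    return normalize(m.group(1))


def parse_requirements_txt(text: str) -> list[str]:
    """Names listed in a requirements.txt; comments, blank lines and pip options are skipped."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        names.append(requirement_name(line))
    return names


def find_bad_packages(graph: dict[str, list[str]], roots: list[str]) -> dict[str, list[str]]:
    """Breadth-first walk from each root over the dependency graph.

    graph maps a package name to the requirement strings it declares. Returns
    {bad_package: [root, ..., bad_package]}, the shortest path that explains why
    the bad package is present. Names missing from graph are treated as leaves.
    """
    hits: dict[str, list[str]] = {}
    for root in roots:
        root = normalize(root)
        queue = deque([[root]])
        seen = {root}
        while queue:
            path = queue.popleft()
            pkg = path[-1]
            if pkg in BAD_PACKAGES and pkg not in hits:
                hits[pkg] = path
            for dep in graph.get(pkg, []):
                dep = requirement_name(dep)
                if dep not in seen:
                    seen.add(dep)
                    queue.append(path + [dep])
    return hits


def environment_graph() -> dict[str, list[str]]:
    """Hypothetical helper: the same mapping for the running interpreter's installed packages."""
    from importlib.metadata import distributions
    graph: dict[str, list[str]] = {}
    for dist in distributions():
        graph[normalize(dist.metadata["Name"])] = list(dist.requires or [])
    return graph


def suspicious_cron_lines(crontab_text: str) -> list[str]:
    """Active crontab entries that reference the report's Linux staging directory."""
    return [
        line for line in crontab_text.splitlines()
        if not line.lstrip().startswith("#") and LINUX_STAGING_DIR in line
    ]


# Constructed sample: the app only lists the benign-looking termncolor.
SAMPLE_REQUIREMENTS = """
requests==2.32.3
TermNColor==0.1.0   # colour helper copied from a snippet
"""
SAMPLE_GRAPH = {
    "myapp": ["requests", "termncolor"],
    "termncolor": ["colorinal>=0.1"],
    "colorinal": [],
    "requests": ["urllib3", "certifi"],
}
SAMPLE_CRONTAB = "# m h dom mon dow command\n@reboot /tmp/obsHub/obs >/dev/null 2>&1\n"

if __name__ == "__main__":
    roots = parse_requirements_txt(SAMPLE_REQUIREMENTS)
    for bad, path in find_bad_packages(SAMPLE_GRAPH, roots).items():
        print(f"{bad}: reached via {' -> '.join(path)}")
    for line in suspicious_cron_lines(SAMPLE_CRONTAB):
        print("suspicious crontab entry:", line)
```

Run against a real environment by swapping `SAMPLE_GRAPH` for `environment_graph()`; the path output is what matters for triage, since it tells you which top-level dependency to remove rather than just which package name matched.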
Kaspersky flags a 64% code similarity between the dropper and tooling attributed to OceanLotus (APT32), the Vietnam-aligned group previously seen poisoning Visual Studio Code projects targeting Chinese security researchers and abusing Notion as C2. If the attribution holds, it signals OceanLotus broadening from phishing into open-source registry supply-chain attacks against developer ecosystems.
Read the full article at The Hacker News. This is an AI-generated summary; read the original for the full story.