
Analysis of ZiChatBot Malware Delivered via PyPI Supply Chain Attack

12 May 2026 by TechStora

Introduction to ZiChatBot and PyPI Supply Chain Attacks

The discovery of three malicious packages on the Python Package Index (PyPI) highlights a sophisticated supply chain attack strategy. These packages, uuid32utils, colorinal, and termncolor, served as vehicles to deliver a novel malware family named ZiChatBot. Unlike conventional payload delivery methods, this attack employed seemingly legitimate Python libraries as a cover, combining functional features with embedded malicious code. The attack took place between July 16 and 22, 2025, exploiting the trust developers place in PyPI repositories.

ZiChatBot's distinguishing feature lies in its use of REST APIs from the Zulip chat application as its command-and-control (C2) infrastructure. This approach eliminates the need for a dedicated C2 server, making traditional network detection mechanisms less effective. The packages have since been removed from PyPI, but their impact emphasizes the importance of scrutinizing third-party libraries.

Malware Behavior on Windows Systems

On Windows platforms, the malicious packages deploy a DLL dropper, terminatedll, which acts as the primary infection vector. Upon installation, the dropper writes itself to disk and is triggered during the library's import into a project. This process establishes an autorun entry in the Windows Registry, ensuring persistence on the infected system.

Once operational, the DLL dropper functions as a delivery mechanism for ZiChatBot. It executes shellcode received through REST API commands, enabling attackers to maintain a high degree of control over the compromised system. After executing its tasks, the dropper self-destructs, leaving minimal forensic evidence for investigators.

Execution Mechanism on Linux Systems

The Linux variant follows a different infection strategy by deploying a shared object dropper named terminateso. Upon execution, this file plants ZiChatBot in the tmp/obsHub/obscheckupdate directory, where it remains hidden from casual inspection. A crontab entry is then created to ensure the malware's persistence and periodic execution.

Similar to its Windows counterpart, the Linux version of ZiChatBot executes shellcode received from the Zulip-based C2 server. The malware uses a unique signaling mechanism, sending a heart emoji back to its operators to confirm successful execution of commands. This cross-platform compatibility demonstrates the attackers' technical proficiency.
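The two persistence mechanisms described above (the Windows Registry autorun entry and the Linux crontab entry) can be audited with a few heuristics. The following is an added example, not code from the article or from any analysed sample: the Run-key entries and the crontab text are constructed, the temp-directory lists are an assumption about what a defender would treat as an untrusted launch location, and the only value taken from the report is the obsHub/obscheckupdate drop path.

```python
"""Persistence audit for a Windows Run-key autorun and a Linux crontab.

Added example, not from the article or any analysed sample. Inputs are
constructed; the directory lists are an assumption about untrusted launch
locations, not indicators taken from the report."""
import re

# Assumption: autorun targets under user-writable temp locations are suspicious.
WINDOWS_TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
LINUX_TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# Drop-path fragment the article names for the Linux variant.
ARTICLE_LINUX_PATH = "obsHub/obscheckupdate"
_DLL_LOADER = re.compile(r"\b(rundll32|regsvr32)(\.exe)?\b")


def audit_run_entries(entries):
    """entries: iterable of (value_name, command) pairs read from a Run key
    (for example parsed from `reg export` output). Returns [(name, reason)]."""
    findings = []
    for name, command in entries:
        low = command.lower()
        reasons = []
        if any(d in low for d in WINDOWS_TEMP_DIRS):
            reasons.append("launches from a user-writable temp directory")
        if _DLL_LOADER.search(low) and ".dll" in low:
            reasons.append("loads a DLL via rundll32/regsvr32")
        if reasons:
            findings.append((name, "; ".join(reasons)))
    return findings


def audit_crontab(text):
    """text: contents of a crontab. Returns [(line_number, reason)]."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" in line.split(None, 1)[0]:
            continue  # blank line, comment, or VAR=value assignment
        if line.startswith("@"):              # @reboot, @hourly, ...
            parts = line.split(None, 1)
            command = parts[1] if len(parts) == 2 else ""
        else:                                 # m h dom mon dow command
            parts = line.split(None, 5)
            command = parts[5] if len(parts) == 6 else ""
        reasons = []
        if any(d in command for d in LINUX_TEMP_DIRS):
            reasons.append("runs a program from a world-writable temp directory")
        if ARTICLE_LINUX_PATH in command:
            reasons.append("matches the drop path named in the report")
        if reasons:
            findings.append((number, "; ".join(reasons)))
    return findings


# Constructed sample inputs (not real host data).
SAMPLE_RUN_ENTRIES = [
    ("OneDrive", "\"C:\\Users\\dev\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"),
    ("Updater", "rundll32.exe C:\\Users\\dev\\AppData\\Local\\Temp\\upd.dll,Start"),
]
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/bin/certbot renew --quiet
*/10 * * * * /tmp/obsHub/obscheckupdate >/dev/null 2>&1
@reboot /home/dev/.local/bin/sync-notes
"""

if __name__ == "__main__":
    for name, why in audit_run_entries(SAMPLE_RUN_ENTRIES):
        print(f"[registry] {name}: {why}")
    for line, why in audit_crontab(SAMPLE_CRONTAB):
        print(f"[crontab line {line}] {why}")
```

On a real host the Run-key pairs would come from HKCU and HKLM `...\CurrentVersion\Run`, and the crontab text from every user's crontab plus /etc/cron.d; the heuristics above are deliberately coarse and are meant to produce a short review list, not a verdict.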

Connections to Advanced Persistent Threats

Analysis of the dropper revealed a 64% similarity to malware previously attributed to OceanLotus, also known as APT32. This Vietnam-aligned group has a history of targeting software developers and cybersecurity professionals with supply chain attacks. In late 2024, they utilized poisoned Visual Studio Code projects to distribute trojans disguised as Cobalt Strike plugins.

These parallels suggest a potential link between ZiChatBot and OceanLotus, although definitive attribution remains elusive. The attackers' use of platforms like Zulip and Notion for C2 operations demonstrates their ability to adapt to modern detection challenges, leveraging legitimate services to evade suspicion.

Implications for Software Supply Chain Security

This incident underscores the growing threat posed by supply chain attacks targeting widely used repositories like PyPI. Developers must adopt stringent practices such as verifying package integrity and monitoring for unusual behavior during software development. Enhanced scrutiny of dependencies is critical to mitigating risks.
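One concrete form of "verifying package integrity" is to require every dependency to be pinned to an exact version with a sha256 hash, and to reject the package names a report has identified as malicious. The script below is an added example, not code from the article; the requirements file is constructed, the digest in it is a placeholder rather than a real release hash, and the only page-sourced values are the three package names.

```python
"""Requirements-file hygiene check: blocklisted names, unpinned versions,
missing --hash pins, and a sha256 comparison for a downloaded artifact.

Added example, not from the article. The sample requirements text is
constructed and its digest is a placeholder, not a real release hash."""
import hashlib
import re

# Package names the article reports as malicious (from the page).
REPORTED_MALICIOUS = {"uuid32utils", "colorinal", "termncolor"}

_REQ_RE = re.compile(
    r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(==|>=|<=|~=|!=|>|<)?"
)


def normalise(name):
    """PEP 503 name normalisation so Foo_Bar and foo-bar compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def check_requirements(text, blocklist=REPORTED_MALICIOUS):
    """Parse pip requirements text; return [(line_number, name, issue)]."""
    block = {normalise(n) for n in blocklist}
    logical, buf, start = [], "", 0
    for number, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = number
        stripped = raw.rstrip()
        if stripped.endswith("\\"):           # line continuation
            buf += stripped[:-1] + " "
            continue
        logical.append((start, buf + raw))
        buf = ""
    findings = []
    for number, line in logical:
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line or line.startswith("-"):  # -r, --index-url, etc.
            continue
        match = _REQ_RE.match(line)
        if not match:
            continue
        name = normalise(match.group(1))
        if name in block:
            findings.append((number, name, "package reported as malicious"))
        if match.group(3) != "==":
            findings.append((number, name, "version not pinned with =="))
        if not re.search(r"--hash=sha256:[0-9a-f]{64}", line):
            findings.append((number, name, "no --hash=sha256 pin"))
    return findings


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def verify_artifact(data, expected_sha256):
    """True if the downloaded sdist/wheel bytes match the pinned digest."""
    return sha256_hex(data) == expected_sha256.lower()


# Constructed sample; the digest is a placeholder, not a real release hash.
PLACEHOLDER_DIGEST = "0" * 64
SAMPLE_REQUIREMENTS = (
    "requests==2.32.3 \\\n"
    "    --hash=sha256:" + PLACEHOLDER_DIGEST + "\n"
    "colorinal==1.0.0\n"
    "termncolor>=0.1  # pulled in by a tutorial\n"
    "pyyaml\n"
)

if __name__ == "__main__":
    for number, name, issue in check_requirements(SAMPLE_REQUIREMENTS):
        print(f"line {number}: {name}: {issue}")
```

Run against a lockfile before `pip install --require-hashes -r requirements.txt`; the hash flag makes pip itself refuse any artifact whose digest differs from the pin, so the script's job is to catch the entries that have no pin to enforce.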

Organizations should also consider implementing runtime monitoring to detect anomalies associated with malware like ZiChatBot. By focusing on behavioral indicators rather than static signatures, defenders can improve their ability to identify and respond to sophisticated threats. This attack serves as a stark reminder of the evolving tactics employed by adversaries in the cybersecurity landscape.
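A behavioral indicator that follows directly from the C2 design described in this article is a non-browser process, such as a Python interpreter, repeatedly calling a chat service's REST API. The detector below is an added example, not code from the article: the `timestamp,image,host,path` event format and the log rows are constructed, the allowlist of expected chat clients is an assumption to tune per environment, and the `/api/v1/` prefix is Zulip's documented API path.

```python
"""Flag unexpected processes that poll a Zulip-style REST API.

Added example, not from the article. Event rows are constructed telemetry in
the form timestamp,image,host,path (as an EDR or proxy export might give);
the allowlist is an assumption to tune per environment."""
import csv
import io
from collections import defaultdict
from datetime import datetime

# Assumption: processes that are expected to talk to a chat service.
EXPECTED_CHAT_CLIENTS = {"firefox.exe", "chrome.exe", "msedge.exe", "zulip.exe",
                         "firefox", "chromium", "zulip"}
ZULIP_API_PREFIX = "/api/v1/"


def _basename(image):
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def detect_chat_api_beacons(log_text, min_requests=3):
    """Return one alert per (image, host) where a process outside the allowlist
    hit the API at least min_requests times:
    (image, host, request_count, mean_seconds_between_requests)."""
    hits = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue
        ts, image, host, path = row
        if not path.startswith(ZULIP_API_PREFIX):
            continue
        if _basename(image) in EXPECTED_CHAT_CLIENTS:
            continue
        hits[(image, host)].append(datetime.fromisoformat(ts.replace("Z", "+00:00")))
    alerts = []
    for (image, host), times in hits.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        alerts.append((image, host, len(times), sum(gaps) / len(gaps)))
    return alerts


# Constructed sample events: a browser using the chat normally, then a
# Python interpreter polling the same API every 30 seconds.
SAMPLE_EVENTS = """\
2025-07-18T09:00:01Z,C:\\Program Files\\Mozilla Firefox\\firefox.exe,chat.example.org,/api/v1/messages
2025-07-18T09:00:05Z,C:\\Users\\dev\\venv\\Scripts\\python.exe,chat.example.org,/api/v1/messages
2025-07-18T09:00:35Z,C:\\Users\\dev\\venv\\Scripts\\python.exe,chat.example.org,/api/v1/messages
2025-07-18T09:01:05Z,C:\\Users\\dev\\venv\\Scripts\\python.exe,chat.example.org,/api/v1/messages
2025-07-18T09:01:10Z,C:\\Users\\dev\\venv\\Scripts\\python.exe,pypi.org,/simple/requests/
"""

if __name__ == "__main__":
    for image, host, count, gap in detect_chat_api_beacons(SAMPLE_EVENTS):
        print(f"{image} -> {host}: {count} API calls, ~{gap:.0f}s apart")
```

The regular cadence is the part worth keeping: a developer's own script that legitimately posts to a chat API tends to do so once, while a polling agent produces evenly spaced requests, which is why the alert reports the mean gap alongside the count.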