Cybersecurity researchers have detected a PyPI supply chain campaign that distributed a new malware, called ZiChatBot, through three packages that seemed legitimate but hid a malicious delivery mechanism. The most striking technical innovation is the use of the public APIs of a team chat application as command and control (C2) infrastructure instead of traditional C2 servers, which makes detection harder because there is no suspicious traffic to unfamiliar domains to flag.
The packages, which were removed from PyPI after the report, were uploaded in a short window in July 2025 and together had thousands of downloads. Their behavior shows an increasingly common tactic: small projects with seemingly harmless features that serve as a gateway for native droppers on Windows and Linux. On Windows the payload drops and loads a DLL called "terminate.dll", creates persistence in the registry and tries to delete evidence; on Linux the equivalent is "terminate.so", planted in "/tmp/obsHub/obs-check-update" with a crontab entry for persistence. The malware runs shellcode received over REST and confirms execution with a heart emoji sent to its C2 in Zulip.

Beyond how ZiChatBot works, the episode has strategic implications: the use of legitimate services (such as Zulip or, in previous campaigns attributed to similar groups, Notion) as a control channel complicates the response, because the traffic looks normal and public providers are not designed to act as threat infrastructure. This raises the risk for development and deployment environments that accept external packages without strong controls, especially when those packages contain binary components or compiled wheels.
Attribution is not confirmed, although analysts noted similarities with a dropper used by the actor known as OceanLotus (APT32). If confirmed, it would be consistent with the group's tendency to diversify vectors beyond traditional phishing and to use supply chain techniques to extend its reach. Whoever the author is, the vector matters: attackers are refining their abuse of public repositories.
For developers and security teams this means adjusting both processes and technical controls. Practical recommendations include auditing dependencies before integrating them into production projects, distrusting new packages with few downloads that declare unexpected dependencies, and checking for native binaries or wheels within packages. Dependency audit tools such as pip-audit help identify known vulnerabilities, and the PyPI security page offers guidelines and reporting mechanisms worth knowing: https://pypi.org/security/.
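As an added example (not code from the report or from any of the packages involved), the following check inspects a wheel archive for native-code members before installation and flags names that match the indicators named above; the wheel it builds is constructed for the demo and the "obshub" module name is hypothetical.

```python
"""Flag native-code members inside a Python wheel before it is installed.
Added example, not code from the article: the wheel built below is constructed
and the 'obshub' module name is hypothetical; only the terminate.dll /
terminate.so indicator names come from the report."""
import io
import zipfile

NATIVE_SUFFIXES = (".so", ".dll", ".pyd", ".dylib")
KNOWN_INDICATORS = {"terminate.dll", "terminate.so"}  # file names from the report


def find_native_members(wheel_bytes: bytes) -> dict:
    """Return native-code members and the subset matching known indicator names."""
    native, indicators = [], []
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for name in zf.namelist():
            base = name.rsplit("/", 1)[-1].lower()
            # ".so." catches versioned shared objects such as libfoo.so.1
            if base.endswith(NATIVE_SUFFIXES) or ".so." in base:
                native.append(name)
            if base in KNOWN_INDICATORS:
                indicators.append(name)
    return {"native": native, "indicators": indicators}


def build_sample_wheel() -> bytes:
    """Constructed wheel: a harmless module plus a planted shared object."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("obshub/__init__.py", "def check_update():\n    return True\n")
        zf.writestr("obshub/terminate.so", b"\x7fELF" + b"\x00" * 12)  # fake ELF header
        zf.writestr("obshub-0.1.dist-info/METADATA", "Name: obshub\n")
    return buf.getvalue()


if __name__ == "__main__":
    report = find_native_members(build_sample_wheel())
    for member in report["native"]:
        flag = "  <-- known indicator" if member in report["indicators"] else ""
        print(f"native member: {member}{flag}")
```

Running the same check over a downloaded wheel (`pip download --no-deps <pkg>`) before `pip install` is enough to surface compiled components that a pure-Python package has no reason to ship.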

From an operational perspective, there are concrete detection and recovery actions: search for and remove indicator files such as "terminate.dll" and "terminate.so", review autostart entries in the Windows Registry and cron jobs on Linux servers, and monitor outgoing connections to Zulip APIs or other third-party services. It is also prudent to generate an SBOM for critical environments, require human review of dependency changes in CI/CD, and implement policies that restrict the execution of unsigned binaries.
Organizations should also strengthen their package governance: require signatures and 2FA for owners of critical packages, limit installation permissions in sensitive environments, and apply strong isolation in development environments so that an accidental installation does not compromise production infrastructure. Software supply chain security best-practice resources can be found in the CISA supply chain guide: https://www.cisa.gov/supply-chain.
Finally, open source project maintainers and repository operators should enable review mechanisms and alerts for packages that contain native code or show unusual behavior. The key lesson is that supply chain security requires continuous vigilance: attackers migrate quickly to vectors that amplify impact and camouflage malicious traffic within legitimate services. Implementing preventive controls and early detection capabilities is now more critical than ever.
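The following triage helpers, added here and not part of the original report, implement those three checks over constructed crontab, Run-key and proxy-log samples; the rundll32 command line and the Zulip API host pattern are assumptions for the demo, not details taken from the analysis.

```python
"""Host-side triage for the indicators described in the article.
Added example, not from the report: the crontab, registry and proxy-log samples
are constructed; the rundll32 command and Zulip host pattern are assumptions."""
import re

INDICATOR_FILES = ("terminate.dll", "terminate.so")   # from the report
LINUX_DROP_PATH = "/tmp/obsHub/obs-check-update"      # from the report
# Assumed shape of Zulip API traffic: a host containing "zulip" plus an /api/ path.
ZULIP_API_RE = re.compile(r"https?://[^/\s]*zulip[^/\s]*/api/", re.I)


def suspicious_cron_entries(crontab_text: str) -> list:
    """Non-comment cron lines that run the dropper path or an indicator file."""
    hits = []
    for line in crontab_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        if LINUX_DROP_PATH in line or any(f in line for f in INDICATOR_FILES):
            hits.append(line.strip())
    return hits


def suspicious_run_keys(values: dict) -> dict:
    """Run-key values (name -> command) whose command references an indicator DLL."""
    return {k: v for k, v in values.items()
            if any(f in v.lower() for f in INDICATOR_FILES)}


def zulip_api_egress(proxy_log: str) -> list:
    """(client, url) pairs for outbound requests to a Zulip API endpoint.
    Expected log format (constructed): <timestamp> <client-ip> <url> <status>."""
    out = []
    for line in proxy_log.splitlines():
        parts = line.split()
        if len(parts) >= 3 and ZULIP_API_RE.search(parts[2]):
            out.append((parts[1], parts[2]))
    return out


SAMPLE_CRON = """# m h dom mon dow command
*/5 * * * * /tmp/obsHub/obs-check-update
0 3 * * * /usr/bin/backup.sh"""
SAMPLE_RUN_KEYS = {  # constructed HKCU\...\Run values; rundll32 entry is hypothetical
    "OneDrive": r"C:\Users\dev\AppData\Local\OneDrive\OneDrive.exe",
    "obs-update": r"rundll32.exe C:\Users\dev\AppData\Roaming\terminate.dll,Start"}
SAMPLE_PROXY = """2025-07-14T10:01:02Z 10.0.4.21 https://example-org.zulipchat.com/api/v1/messages 200
2025-07-14T10:01:05Z 10.0.4.21 https://pypi.org/simple/requests/ 200"""

if __name__ == "__main__":
    print(suspicious_cron_entries(SAMPLE_CRON))
    print(suspicious_run_keys(SAMPLE_RUN_KEYS))
    print(zulip_api_egress(SAMPLE_PROXY))
```

A hit on the Zulip check is only a lead: organizations that legitimately use Zulip should baseline which hosts normally reach it and alert on build agents or servers that have no business talking to a chat API.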