A newly discovered malware called ZiChatBot has been found quietly using the REST APIs of a legitimate team chat application called Zulip to receive and carry out commands from its operators.
This approach is unusual because the malware never communicates with a private server that security tools could flag or block, making it harder to detect through standard network monitoring.
The threat was uncovered after a series of malicious Python packages were found on PyPI, the widely used Python Package Index, starting in July 2025. The attacker uploaded packages designed to look like common development libraries, tricking Python developers into installing them.
Once installed, these packages silently dropped the ZiChatBot payload onto the victim’s system without raising obvious alerts.
Analysts at Securelist identified and named the malware after analyzing samples through their threat analysis pipeline. Their research confirmed ZiChatBot targets both Windows and Linux systems, making it a cross-platform threat capable of reaching a wide range of developers and machines.
The Kaspersky Threat Attribution Engine flagged a 64% code similarity between the ZiChatBot dropper and a dropper previously linked to the OceanLotus APT group.
Distribution information of the colorinal project (Source – Securelist)
OceanLotus, also known as APT32, is a well-established threat group that has historically focused on targets in the Asia-Pacific region. However, recent activity shows the group pushing beyond its traditional boundaries, including campaigns in the Middle East and now a global supply chain attack through PyPI. This shift reflects a clear effort by the group to broaden its reach by targeting trusted public platforms that developers rely on daily.
ZiChatBot Malware Uses Zulip REST APIs as Its Command Channel
The malicious packages have since been removed from PyPI, and the Zulip organization used by the attackers has been officially deactivated. Still, researchers warn that already-infected systems may still attempt to contact the deactivated Zulip endpoint, meaning cleanup on compromised machines remains critical.
ZiChatBot takes an inventive but dangerous approach to command and control by routing all activity through Zulip’s public REST API. Rather than contacting a suspicious external server, the malware sends HTTP requests to a legitimate service, letting its traffic blend in with normal developer communication. Authentication is handled through an API token embedded within each HTTP request header.
The malware operates through two separate channel-topic pairs within the Zulip platform. One pair sends basic system information about the infected machine back to the attacker. The other retrieves messages containing shellcode, which ZiChatBot executes in a new thread. Once a command runs, the malware replies with a heart emoji in the chat to signal completion, showing how carefully attackers disguised operations as routine activity.
The Windows version of ZiChatBot is a DLL file named libcef.dll, loaded through a legitimate executable called vcpktsvr.exe. It establishes persistence by writing a registry auto-run entry, ensuring it restarts when the user logs in. On Linux, the payload sits at /tmp/obsHub/obs-check-update and uses a crontab entry to keep access alive on the infected system.
PyPI Supply Chain Attack Used to Deliver the Payload
The attack started with three fake Python libraries uploaded to PyPI, each named to closely resemble tools that developers use in everyday projects. The packages, uuid32-utils, colorinal, and termncolor, appeared harmless based on their listed descriptions. In reality, each carried a dropper that silently extracted and installed ZiChatBot during the normal library import process.
The code loads the dropper into the host Python process (Source – Securelist)
The termncolor package was especially deceptive since it contained no obviously malicious code on its own. Instead, it listed the malicious colorinal package as a dependency, so anyone who installed termncolor would unknowingly trigger the full infection chain. This layered method made the attack far less visible to automated tools that only scan surface-level code.
The dropper used AES encryption in CBC mode to hide sensitive strings and embedded payloads. After deploying ZiChatBot, it used shellcode to self-delete, wiping traces of the initial infection. Researchers advise adding helper.zulipchat.com to network denylists to identify any machines still reaching out to the now-deactivated attacker infrastructure.
Indicators of Compromise (IoCs):-
TypeIndicatorDescriptionFile Nametermncolor-3.1.0-py3-none-any.whlMalicious PyPI wheel package (termncolor)File Nameuuid32_utils-1.x.x-py3-none-xxxx.whlMalicious PyPI wheel package (uuid32-utils)File Namecolorinal-0.1.7-py3-none-xxxx.whlMalicious PyPI wheel package (colorinal)File Nameterminate.dllZiChatBot dropper (Windows)File Nameterminate.soZiChatBot dropper (Linux)File NameBackward.dllAlternate dropper name (Windows)File NameBackward.soAlternate dropper name (Linux)File Namelibcef.dllZiChatBot DLL payload (Windows)File Namevcpktsvr.exeLegitimate loader executable used by ZiChatBotDomainhelper.zulipchat.comZulip C2 organization used by attackers (now deactivated)Hash (SHA256)5152410aeef667ffaf42d40746af4d840a5a06faMalicious file hashHash (SHA256)2e74a57fd5ed8e85f04a483ae4a0ad38fd18a0e1Malicious file hashHash (SHA256)1199d1c52751908b5598baa59c716590d8841c63Malicious file hashHash (SHA256)12d8349e968782b4feb4236858e3253f77ecf4b0Malicious file hashHash (SHA256)b55b6e364be44f27e3fecdce5ad69eca02f47015Malicious file hashHash (SHA256)59fc40067e69bb426776a54fe200f2f6a2120286Malicious file hashHash (SHA256)f9056743bc94a49d22538214a3c917ff3b13a9e2Malicious file hashHash (SHA256)035ca521ba2f1868f2af9e191ebf47a5fab5cbabcMalicious file hashHash (SHA256)33782c94c29dd268a42cbe03542bca5454b85dc3Malicious file hashHash (SHA256)2dc8023cd2be04e4501f16afce65c540d8186d95Malicious file hashHash (SHA256)06e2f84c38a57c4652f4da6c467838957de19eedMalicious file hashHash (SHA256)40d39da1995682d600e329b7833003a0160925238b75af6cbdb60127decd59140Malicious file hashHash (SHA256)d10640a26019b68ef060e593b8651262cbd0f6Malicious file hashHash (MD5)48be833b0b0ca1ad3cf99c66dc89c3f4vcpktsvr.exe (legitimate loader)Auth TokenTW9yaWFuLWJvdEBoZWxwZXIuenVsaXBjaGF0LmNvbTpVOFJFWGxJNktmOHFYQjlyUXpPUEJpSUE0YnJKNThxRw==Zulip API auth token (Base64-encoded, C2 authentication)
Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates, Set CSN as a Preferred Source in Google.
The post New ZiChatBot Malware Uses Zulip REST APIs as Command and Control Server appeared first on Cyber Security News.
