VMTECH · INSTAGRAM

PyPI: three packages delivered ZiChatBot malware via Zulip API on Windows and Linux


Colleagues, a cybersecurity alert: three PyPI packages were found secretly delivering the ZiChatBot malware via the Zulip REST API.

• Found: uuid32-utils, colorinal, termncolor (removed from PyPI).
• Behavior: Windows — drops terminate.dll and registers persistence in the registry; Linux — drops terminate.so to /tmp/obsHub/obs-check-update and adds a cron job.
• C2 and artifacts: controlled via public Zulip API; executes shellcode and replies with a “heart”. Kaspersky notes ~64% similarity to OceanLotus dropper.

Why it matters: supply‑chain attacks on PyPI can impact projects—verify dependencies and monitor autostart/cron.

How do you validate package supply chains in your projects?
#cybersecurity #supplychain #PyPI #Python
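
An added example, not part of the original post: a Python check for the three package names listed above in requirements-style text and in the current environment, plus the Linux drop path on disk and in crontab text. Function names and sample inputs are constructed for illustration; the Windows registry persistence is not covered because the post does not name the key.

```python
import re
from importlib import metadata
from pathlib import Path

# Package names and the Linux drop path are the ones listed in the post above.
FLAGGED = {"uuid32-utils", "colorinal", "termncolor"}
LINUX_DROP = "/tmp/obsHub/obs-check-update"

def normalize(name):
    """PEP 503 normalization, so 'UUID32_Utils' matches 'uuid32-utils'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def flagged_in_requirements(text):
    """Return flagged package names found in requirements.txt-style text."""
    hits = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # skip blanks and pip options
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m and normalize(m.group(0)) in FLAGGED:
            hits.append(normalize(m.group(0)))
    return hits

def flagged_installed():
    """Return flagged distributions installed in the current environment."""
    names = {normalize(d.metadata.get("Name") or "") for d in metadata.distributions()}
    return sorted(names & FLAGGED)

def cron_lines_referencing_drop(crontab_text):
    """Return non-comment crontab lines that mention the drop path."""
    return [l for l in crontab_text.splitlines()
            if LINUX_DROP in l and not l.lstrip().startswith("#")]

def linux_artifact_present(root="/"):
    """True if the drop path exists (file or directory); root allows mounted images."""
    return (Path(root) / LINUX_DROP.lstrip("/")).exists()

if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real project or host.
    sample_reqs = "requests==2.32.3\nTermnColor>=1.0  # constructed\n-r base.txt\n"
    sample_cron = "0 3 * * * /usr/bin/backup.sh\n*/5 * * * * /tmp/obsHub/obs-check-update\n"
    print("requirements:", flagged_in_requirements(sample_reqs))
    print("installed:", flagged_installed())
    print("cron:", cron_lines_referencing_drop(sample_cron))
    print("artifact on disk:", linux_artifact_present())
```

For a real check, pass the contents of your requirements or lock files and the output of `crontab -l` for each user to the corresponding functions.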
