Kaspersky says a cluster of malicious Python packages on PyPI quietly delivered a new backdoor it calls ZiChatBot, and that instead of talking to a traditional command-and-control server, the malware used the REST API of the Zulip chat service as its C2 channel.[1] Because that traffic is ordinary HTTPS to a legitimate SaaS host, it is harder to pick out of normal developer and CI egress than a connection to an attacker-owned server.
The researchers said the packages were uploaded beginning in July 2025 and later removed from the repository after disclosure.[1] The three package names called out in the report were uuid32-utils, colorinal, and termncolor (which depends on colorinal).[1]

What to do if your team installed them
If any of those package names show up in your build logs, lock files, or installed-package metadata, treat it like a supply-chain incident: remove the packages, rebuild from a known-good state, and rotate any secrets the affected environment could reach (CI tokens, API keys, SSH keys, cloud credentials). Check installed metadata and not only top-level requirements, since termncolor pulls in colorinal as a dependency, and remember that pip treats uuid32-utils and uuid32_utils as the same name. For background on how these campaigns target developer environments, see our earlier coverage of poisoned developer-tool packages used to steal CI secrets.[3]
Kaspersky also recommended blocking the Zulip host it observed the malware using, helper.zulipchat.com, as a defensive control, and noted that Zulip deactivated it after being notified.[1] Since that is one tenant on a legitimate chat service, block the specific hostname rather than zulipchat.com as a whole if your organization uses Zulip, and treat any historical connection to it from build or developer hosts in DNS or proxy logs as something to investigate.
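The following triage script is an added example, not code from Kaspersky or from the article, covering both checks above: it normalizes package names the way pip does (PEP 503), scans requirement or freeze lines and the running interpreter's installed distributions (including what each one declares in Requires-Dist, so a transitive pull of colorinal via termncolor is caught), and greps egress log lines for the named Zulip host. The package names and host are the ones the report gives; the sample requirements and proxy log lines are constructed for the demonstration.

```python
"""Triage helper for the ZiChatBot PyPI packages (added example, not the report's code)."""
from __future__ import annotations

import re
from importlib import metadata
from typing import Iterable, Optional

# Package names called out in the Kaspersky report.
FLAGGED_PACKAGES = {"uuid32-utils", "colorinal", "termncolor"}
# The one Zulip host the report says the malware used (block this, not all of zulipchat.com).
FLAGGED_HOSTS = {"helper.zulipchat.com"}


def normalize(name: str) -> str:
    """PEP 503 normalization: case-fold and collapse runs of '-', '_' and '.' into '-'.
    'Uuid32_Utils' and 'uuid32-utils' are the same distribution to pip."""
    return re.sub(r"[-_.]+", "-", name).lower()


FLAGGED_NORMALIZED = {normalize(n) for n in FLAGGED_PACKAGES}

# Leading distribution name of a requirement line; extras/version spec follow it.
_REQ_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")


def requirement_name(line: str) -> Optional[str]:
    """Normalized name from a requirements.txt, pip freeze, or Requires-Dist line.
    Returns None for blank lines, comments and pip options such as '-e' or '--index-url'."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    m = _REQ_RE.match(line)
    return normalize(m.group(1)) if m else None


def scan_requirements(lines: Iterable[str]) -> set[str]:
    """Flagged (normalized) names that appear as requirements in the given lines."""
    hits: set[str] = set()
    for line in lines:
        name = requirement_name(line)
        if name in FLAGGED_NORMALIZED:
            hits.add(name)
    return hits


def scan_installed() -> dict[str, list[str]]:
    """Flagged distributions in the current interpreter, and any installed
    distribution that declares a flagged name in its Requires-Dist."""
    findings: dict[str, list[str]] = {}
    for dist in metadata.distributions():
        dist_name = normalize(dist.metadata.get("Name") or "")
        reasons = []
        if dist_name in FLAGGED_NORMALIZED:
            reasons.append("installed")
        for req in dist.requires or []:
            req_name = requirement_name(req)
            if req_name in FLAGGED_NORMALIZED:
                reasons.append(f"depends on {req_name}")
        if reasons:
            findings[dist_name] = reasons
    return findings


# Hostnames in a log line: one or more dotted labels ending in an alphabetic TLD.
_HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.IGNORECASE)


def scan_egress_log(lines: Iterable[str]) -> list[str]:
    """Log lines (DNS, proxy, flow) that mention a flagged host exactly."""
    return [
        ln for ln in lines
        if any(h.lower() in FLAGGED_HOSTS for h in _HOST_RE.findall(ln))
    ]


# Constructed sample input; not taken from any real incident.
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements.txt
requests==2.32.3
Colorinal==0.3.1
uuid32_utils>=1.0
termcolor==2.4.0
"""

# Constructed proxy log lines. 'termcolor' above is the legitimate package and must not match.
SAMPLE_EGRESS_LOG = [
    "2025-07-14T10:02:11Z build-01 CONNECT pypi.org:443 200",
    "2025-07-14T10:02:19Z build-01 CONNECT helper.zulipchat.com:443 200",
    "2025-07-14T10:03:00Z build-01 CONNECT github.com:443 200",
]

if __name__ == "__main__":
    print("requirements hits:", sorted(scan_requirements(SAMPLE_REQUIREMENTS.splitlines())))
    print("installed hits:", scan_installed())
    print("egress hits:", scan_egress_log(SAMPLE_EGRESS_LOG))
```

Run it inside each build image or virtualenv you want to check (the installed-package scan only sees the interpreter it runs under), and feed real requirement, freeze and proxy logs in place of the constructed samples. A hit in any of the three scans is the trigger for the rebuild and credential rotation described above.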
References
- [1] Kaspersky Securelist (GReAT), “OceanLotus suspected of using PyPI to deliver ZiChatBot malware”, published May 6, 2026.
- [2] The Hacker News, “PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux”, published May 7, 2026.
- [3] howtofix.guide, “Poisoned Ruby Gems and Go Modules Used to Steal CI Secrets”, published May 1, 2026.