ZiChatBot Malware Uses Zulip API for Command and Control
Key Takeaways A new malware, ZiChatBot, leverages the legitimate Zulip team chat application’s REST APIs for covert command and control (C2), evading traditional network detection. The malware...
Key Takeaways
- A new malware, ZiChatBot, leverages the legitimate Zulip team chat application’s REST APIs for covert command and control (C2), evading traditional network detection.
- The malware was delivered via a supply chain attack on PyPI, the Python Package Index, through malicious Python packages disguised as common development libraries.
- ZiChatBot targets both Windows and Linux systems and exhibits a 64% code similarity to droppers previously attributed to the sophisticated APT32 (OceanLotus) group.
- While the malicious PyPI packages and attacker’s Zulip organization have been deactivated, infected systems may still attempt to connect, requiring thorough cleanup.
Cybersecurity researchers have uncovered a novel malware strain, dubbed ZiChatBot, that employs the REST APIs of the popular team collaboration platform Zulip for its command and control (C2) infrastructure. This innovative approach allows ZiChatBot to blend its malicious traffic with legitimate network communications, making it significantly harder for conventional security tools to detect.
Table Of Content
The discovery emerged following an investigation into a series of malicious Python packages uploaded to PyPI, the widely used Python Package Index, beginning in July 2025. These packages were meticulously crafted to mimic legitimate development libraries, tricking Python developers into inadvertently installing them. Once executed, the packages silently deployed the ZiChatBot payload onto victims’ systems without triggering immediate alarms.
Analysts at Securelist identified and named the malware after processing samples through their advanced threat analysis pipeline. Their findings confirm ZiChatBot’s cross-platform capabilities, with versions targeting both Windows and Linux environments, indicating a broad potential impact across developer workstations and servers.
Notably, the Kaspersky Threat Attribution Engine revealed a 64% code similarity between the ZiChatBot dropper and a dropper previously linked to the notorious OceanLotus APT group. OceanLotus, also known as APT32, is a sophisticated threat actor historically active in the Asia-Pacific region. However, recent campaigns suggest an expansion of their operational scope, including activities in the Middle East and now a global supply chain attack via PyPI, signaling a strategic shift towards leveraging trusted public platforms to broaden their reach.
ZiChatBot Malware Uses Zulip REST APIs as Its Command Channel
Although the malicious PyPI packages have since been removed and the specific Zulip organization used by the attackers has been deactivated, researchers caution that already-compromised systems may still attempt to communicate with the defunct Zulip endpoint. This underscores the critical need for thorough remediation on any potentially infected machines.
ZiChatBot’s C2 mechanism is particularly ingenious, routing all command and control traffic through Zulip’s public REST API. This method avoids direct communication with a suspicious, attacker-controlled server, allowing malware traffic to appear as routine Zulip activity. Authentication for these communications is achieved via an API token embedded within each HTTP request header.
The malware operates by utilizing two distinct channel-topic pairs within the Zulip platform. One pair is dedicated to exfiltrating basic system information from the compromised machine to the attackers. The second pair is used by the attackers to transmit shellcode, which ZiChatBot then executes within a new thread. Upon successful command execution, the malware sends a heart emoji back into the chat, a subtle signal designed to further camouflage its malicious operations as benign chat interactions.
On Windows systems, ZiChatBot manifests as a DLL file named libcef.dll, loaded by the legitimate executable vcpktsvr.exe. It establishes persistence by creating an auto-run entry in the Windows Registry, ensuring it restarts with each user login. For Linux targets, the payload resides at /tmp/obsHub/obs-check-update and maintains persistence through a crontab entry.
PyPI Supply Chain Attack Used to Deliver the Payload
The initial infection vector involved three deceptive Python libraries uploaded to PyPI. These packages, named uuid32-utils, colorinal, and termncolor, were designed to closely resemble legitimate development tools and appeared harmless based on their descriptions. Each package contained a dropper that silently extracted and installed ZiChatBot during the standard library import process.
The termncolor package employed an especially stealthy tactic: it did not contain malicious code itself but listed the malicious colorinal package as a dependency. Consequently, any developer installing termncolor would unknowingly trigger the full infection chain. This multi-layered approach made the attack significantly more difficult for automated scanning tools that typically focus on surface-level code analysis.
The dropper utilized AES encryption in CBC mode to obscure sensitive strings and embedded payloads. After successfully deploying ZiChatBot, it executed shellcode to self-delete, aiming to erase traces of the initial infection. Researchers recommend adding helper.zulipchat.com to network denylists to identify any systems still attempting to contact the now-deactivated attacker infrastructure.
What You Should Do
- Review PyPI Dependencies: Audit your project dependencies for the malicious packages (
uuid32-utils,colorinal,termncolor) and remove them immediately if found. - Network Monitoring: Implement network monitoring to detect and block connections to
helper.zulipchat.com. While deactivated, attempts to connect indicate a potentially compromised system. - Endpoint Detection & Response (EDR): Ensure EDR solutions are up-to-date and configured to detect unusual process execution, registry modifications (for Windows persistence), and crontab entries (for Linux persistence).
- Indicators of Compromise (IoCs): Integrate the provided IoCs (file names, hashes, domain, API token) into your security tools (SIEM, EDR, firewalls) for proactive detection and blocking.
- User Education: Educate developers on the risks of supply chain attacks and the importance of verifying the authenticity and reputation of third-party libraries before integration.
Indicators of Compromise (IoCs):-
| Type | Indicator | Description |
|---|---|---|
| File Name | termncolor-3.1.0-py3-none-any.whl | Malicious PyPI wheel package (termncolor) |
| File Name | uuid32_utils-1.x.x-py3-none-xxxx.whl | Malicious PyPI wheel package (uuid32-utils) |
| File Name | colorinal-0.1.7-py3-none-xxxx.whl | Malicious PyPI wheel package (colorinal) |
| File Name | terminate.dll | ZiChatBot dropper (Windows) |
| File Name | terminate.so | ZiChatBot dropper (Linux) |
| File Name | Backward.dll | Alternate dropper name (Windows) |
| File Name | Backward.so | Alternate dropper name (Linux) |
| File Name | libcef.dll | ZiChatBot DLL payload (Windows) |
| File Name | vcpktsvr.exe | Legitimate loader executable used by ZiChatBot |
| Domain | helper.zulipchat.com | Zulip C2 organization used by attackers (now deactivated) |
| Hash (SHA256) | 5152410aeef667ffaf42d40746af4d840a5a06fa | Malicious file hash |
| Hash (SHA256) | 2e74a57fd5ed8e85f04a483ae4a0ad38fd18a0e1 | Malicious file hash |
| Hash (SHA256) | 1199d1c52751908b5598baa59c716590d8841c63 | Malicious file hash |
| Hash (SHA256) | 12d8349e968782b4feb4236858e3253f77ecf4b0 | Malicious file hash |
| Hash (SHA256) | b55b6e364be44f27e3fecdce5ad69eca02f47015 | Malicious file hash |
| Hash (SHA256) | 59fc40067e69bb426776a54fe200f2f6a2120286 | Malicious file hash |
| Hash (SHA256) | f9056743bc94a49d22538214a3c917ff3b13a9e2 | Malicious file hash |
| Hash (SHA256) | 035ca521ba2f1868f2af9e191ebf47a5fab5cbabc | Malicious file hash |
| Hash (SHA256) | 33782c94c29dd268a42cbe03542bca5454b85dc3 | Malicious file hash |
| Hash (SHA256) | 2dc8023cd2be04e4501f16afce65c540d8186d95 | Malicious file hash |
| Hash (SHA256) | 06e2f84c38a57c4652f4da6c467838957de19eed | Malicious file hash |
| Hash (SHA256) | 40d39da1995682d600e329b7833003a0160925238b75af6cbdb60127decd59140 | Malicious file hash |
| Hash (SHA256) | d10640a26019b68ef060e593b8651262cbd0f6 | Malicious file hash |
| Hash (MD5) | 48be833b0b0ca1ad3cf99c66dc89c3f4 | vcpktsvr.exe (legitimate loader) |
| Auth Token | TW9yaWFuLWJvdEBoZWxwZXIuenVsaXBjaGF0LmNvbTpVOFJFWGxJNktmOHFYQjlyUXpPUEJpSUE0YnJKNThxRw== | Zulip API auth token (Base64-encoded, C2 authentication) |
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.