A newly identified cyber threat, ZiChatBot malware, is leveraging the REST APIs of Zulip, a legitimate team chat application, to covertly receive instructions from its operators. This approach avoids detection by routing command-and-control traffic through a legitimate service instead of attacker-run private servers, which security systems typically flag.
Uncovering the Threat
The discovery of ZiChatBot followed the identification of malicious Python packages on PyPI, the widely used Python Package Index, beginning in July 2025. These packages, disguised as common development tools, were uploaded to trick developers into installing them. Once installed, they silently deployed the ZiChatBot payload without raising alerts.
Securelist analysts identified and named the malware after analyzing samples through their threat analysis pipeline. The analysis revealed that ZiChatBot targets both Windows and Linux systems, posing a cross-platform threat to developers globally. Notably, Kaspersky’s Threat Attribution Engine found a 64% code similarity between ZiChatBot and a previous dropper linked to the OceanLotus APT group.
Malware Tactics and Techniques
ZiChatBot employs Zulip’s public REST API for command and control, blending its malicious traffic with regular developer communications. The malware uses an API token embedded in HTTP requests for authentication, making its operations appear routine.
Operating within Zulip, ZiChatBot uses two channel-topic pairs: one for sending basic system data to the attackers and another for receiving and executing shellcode commands. After execution, the malware posts a heart emoji to signal task completion, masquerading as normal chat activity.
On Windows, ZiChatBot is a DLL named libcef.dll, loaded by a legitimate executable, vcpktsvr.exe, to maintain persistence. In contrast, the Linux version resides at /tmp/obsHub/obs-check-update, using a crontab entry for continuous access.
Supply Chain Attack via PyPI
The attack began with three fake Python libraries uploaded to PyPI, resembling everyday development tools. The packages, uuid32-utils, colorinal, and termncolor, appeared benign but contained droppers that installed ZiChatBot when the library was imported.
The termncolor package was particularly deceptive, listing the malicious colorinal package as a dependency and thereby triggering the infection chain. The dropper used AES encryption to conceal sensitive data and deleted itself after deployment, leaving minimal traces.
To mitigate risks, experts recommend adding helper.zulipchat.com to network denylists to detect any outgoing connections to the now-deactivated attacker infrastructure.
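As an added defensive example, not code from the report or from Securelist, the following Python scan runs over constructed web-proxy log lines: it flags any request to the denylisted helper.zulipchat.com host and surfaces clients that repeatedly poll the Zulip REST API on other zulipchat.com realms, the steady polling pattern a bot exhibits while waiting for commands. The log format is constructed, and the API paths are assumed from Zulip's public API documentation rather than taken from the report.

```python
import re
from collections import Counter

# Host the report recommends adding to network denylists.
DENYLISTED_HOSTS = {"helper.zulipchat.com"}

# Assumption: standard Zulip REST API paths a bot-like client uses to read
# messages and post results (from Zulip's public API docs, not the report).
ZULIP_API_PREFIXES = ("/api/v1/messages", "/api/v1/events", "/api/v1/register")

# Constructed sample web-proxy log (not from the report):
# timestamp  client_ip  method  host  path  status
SAMPLE_LOG = """\
2025-08-01T10:00:01Z 10.0.0.5 GET files.example.org /downloads/tool.whl 200
2025-08-01T10:00:07Z 10.0.0.5 GET helper.zulipchat.com /api/v1/messages 200
2025-08-01T10:00:09Z 10.0.0.5 POST helper.zulipchat.com /api/v1/messages 200
2025-08-01T10:00:12Z 10.0.0.9 GET team.zulipchat.com /api/v1/events 200
2025-08-01T10:00:15Z 10.0.0.5 GET helper.zulipchat.com /api/v1/messages 200
2025-08-01T10:01:00Z 10.0.0.7 GET acme.zulipchat.com /login/ 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) "
    r"(?P<host>\S+) (?P<path>\S+) (?P<status>\d{3})$"
)

def parse_line(line):
    """Parse one proxy log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(entry):
    """'denylisted' for the known C2 host, 'zulip-api' for REST API calls to
    any other Zulip-hosted realm (browser logins etc. are ignored), else None."""
    if entry["host"] in DENYLISTED_HOSTS:
        return "denylisted"
    if entry["host"].endswith(".zulipchat.com") and entry["path"].startswith(ZULIP_API_PREFIXES):
        return "zulip-api"
    return None

def scan(log_text, poll_threshold=3):
    """Return (alerts, review): alerts are denylist hits; review lists the
    (client, host) pairs whose Zulip API call count reaches poll_threshold."""
    alerts, api_hits = [], Counter()
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        tag = classify(entry) if entry else None
        if tag is None:
            continue
        if tag == "denylisted":
            alerts.append((entry["ts"], entry["client"], entry["host"], entry["path"]))
        api_hits[(entry["client"], entry["host"])] += 1
    review = sorted(k for k, n in api_hits.items() if n >= poll_threshold)
    return alerts, review
```

Review hits are not verdicts: legitimate Zulip integrations also poll the API, so the threshold is a triage cue to be tuned against the organisation's normal chat traffic.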
Indicators of compromise include specific malicious file names and hashes, detailed in the original report. Security professionals are advised to monitor these indicators within their networks.