Kaspersky researchers uncovered three malicious Python packages on PyPI that deliver ZiChatBot, a previously undocumented malware strain targeting Windows and Linux systems.

The three packages masquerade as legitimate tools and actually implement the features they advertise, which is how they avoid drawing attention. Hidden alongside that working functionality is a payload that installs ZiChatBot. For command and control the malware abuses the API of Zulip, a legitimate team-communication platform, instead of infrastructure of its own.

The malicious code is bundled inside wheel packages, Python's binary distribution format. A wheel is a zip archive that pip merely unpacks, so unlike a source distribution with a setup.py it runs no code at install time; a payload shipped in a wheel runs when the package is imported, or, if the wheel drops a .pth file into site-packages, at every interpreter start. Because the developer gets the advertised functionality, the extra behaviour is easy to miss in both automated scanning and manual review.
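A wheel can be inspected before it is ever installed, since it is only a zip file. The script below is an added example written for this page, not Kaspersky's tooling or anything from the packages described: it unpacks a wheel in memory, flags `.pth` files (which site.py executes at startup) and greps Python members for crude indicators of a hidden loader and of Zulip API use. The indicator list and the sample wheel are constructed assumptions for illustration, not published signatures.

```python
"""Static triage of a wheel before installing it (added example, not Kaspersky's
or PyPI's tooling). A wheel is a zip archive; pip does not execute anything when
unpacking it, so a payload has to run later: on first import of a module, or at
every interpreter start via a .pth file in site-packages."""
import base64
import io
import re
import zipfile

# Assumed indicators: things a reviewer would eyeball, not a detection signature.
INDICATORS = {
    "exec_eval": re.compile(r"\b(?:exec|eval)\s*\("),
    "base64_decode": re.compile(r"b64decode|a85decode|zlib\.decompress"),
    "zulip_api": re.compile(r"zulipchat\.com|/api/v1/(?:messages|events|register)"),
    "process_spawn": re.compile(r"\bsubprocess\b|os\.system\(|os\.popen\("),
    "obfuscated_blob": re.compile(r"[\"'][A-Za-z0-9+/=]{200,}[\"']"),
}


def triage_wheel(wheel_bytes: bytes) -> dict:
    """Return {member_name: [indicator, ...]} for suspicious members.

    A .pth file is always reported: site.py executes every line in it that
    starts with 'import ', so a package can run code without being imported."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as wheel:
        for member in wheel.namelist():
            hits = []
            if member.endswith(".pth"):
                hits.append("pth_startup_hook")
            if member.endswith((".py", ".pth")):
                text = wheel.read(member).decode("utf-8", errors="replace")
                hits += [name for name, rx in INDICATORS.items() if rx.search(text)]
            if hits:
                findings[member] = hits
    return findings


def build_sample_wheel() -> bytes:
    """Constructed sample: a benign module plus a loader module that mimics the
    dual-purpose pattern in the article. Nothing here touches the network or
    runs a payload; the exec call is left commented out on purpose."""
    blob = base64.b64encode(b"print('stand-in for a decoded stage')" * 8).decode()
    loader = (
        "import base64, subprocess\n"
        f"_s = '{blob}'\n"
        "# exec(base64.b64decode(_s))  # how a real loader would run a hidden stage\n"
        "API = 'https://example.zulipchat.com/api/v1/messages'\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as wheel:
        wheel.writestr("goodtool/__init__.py", "def add(a, b):\n    return a + b\n")
        wheel.writestr("goodtool/_compat.py", loader)
        wheel.writestr("goodtool-1.0.dist-info/METADATA", "Name: goodtool\nVersion: 1.0\n")
        # A .pth line starting with 'import ' runs at every interpreter start.
        wheel.writestr("goodtool_init.pth", "import goodtool._compat\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, hits in triage_wheel(build_sample_wheel()).items():
        print(f"{member}: {', '.join(hits)}")
```

Run it against a real download with `triage_wheel(open("pkg.whl", "rb").read())` after `pip download --no-deps pkg`. Hits are leads, not verdicts: legitimate packages also ship base64 data and `.pth` files (editable installs, namespace shims), so the point is to know what to read before the code gets to run.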

The Zulip channel is a separate technique from the supply-chain delivery. Rather than standing up its own C2 servers, the malware sends and receives commands through a legitimate third-party service, so its traffic goes to a trusted domain over TLS and blends with ordinary Zulip use. Domain reputation and IP blocklists are of little help here; the useful signal is which process is talking to the Zulip API, since a Python interpreter on a build host has no reason to.
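That process-level signal is what the following hunt looks for. It is an added example, not from the Kaspersky report: it reads a constructed key=value log that stands in for whatever your EDR or egress proxy emits, keeps only requests to Zulip API paths, and reports any process outside an allow-list of expected Zulip clients. The field names, the allow-list, the host list and the sample records are all assumptions; ZiChatBot's actual endpoints are not described in the article, so the endpoint set is simply Zulip's public API.

```python
"""Hunting for Zulip API traffic from processes that have no business using
Zulip (added example; log format, allow-list and records are constructed)."""
import re
from collections import Counter

# Zulip's public API: register creates an event queue, events long-polls it,
# messages sends or fetches messages. A bot waiting for commands has to use
# either the register/events loop or repeated messages fetches.
ZULIP_API_PATH = re.compile(r"^/api/v1/(?:register|events|messages|users)\b")
# Zulip Cloud tenants; a self-hosted Zulip needs its own hostname here.
ZULIP_HOSTS = re.compile(r"(?:^|\.)zulipchat\.com$")
# Processes expected to talk to Zulip (assumption): browsers and the desktop app.
ALLOWED_PROCS = {"firefox", "chrome", "chromium", "zulip"}

# Constructed sample records, not real telemetry.
SAMPLE_LOG = """\
ts=2024-05-02T10:14:03Z host=dev-12 proc=/usr/bin/python3 dst=acme.zulipchat.com path=/api/v1/register method=POST
ts=2024-05-02T10:14:04Z host=dev-12 proc=/usr/bin/python3 dst=acme.zulipchat.com path=/api/v1/events method=GET
ts=2024-05-02T10:14:05Z host=dev-12 proc=/usr/bin/firefox dst=acme.zulipchat.com path=/api/v1/messages method=GET
ts=2024-05-02T10:14:09Z host=dev-12 proc=/usr/bin/python3 dst=acme.zulipchat.com path=/api/v1/messages method=POST
ts=2024-05-02T10:14:10Z host=build-3 proc=/usr/bin/python3 dst=pypi.org path=/simple/requests/ method=GET
ts=2024-05-02T10:14:11Z host=dev-12 proc=/usr/bin/python3 dst=acme.zulipchat.com path=/api/v1/events method=GET
"""


def parse_record(line: str) -> dict:
    """Split one 'k=v k=v' line into a dict."""
    return dict(field.split("=", 1) for field in line.split())


def find_suspect_zulip_clients(log_text: str) -> dict:
    """Return {(host, process): Counter(endpoint -> hits)} for processes outside
    ALLOWED_PROCS that reach the Zulip API."""
    suspects = {}
    for line in log_text.splitlines():
        rec = parse_record(line)
        if not ZULIP_HOSTS.search(rec["dst"]) or not ZULIP_API_PATH.match(rec["path"]):
            continue
        proc = rec["proc"].rsplit("/", 1)[-1]
        if proc in ALLOWED_PROCS:
            continue
        endpoint = rec["path"].split("?", 1)[0].split("/")[3]
        suspects.setdefault((rec["host"], proc), Counter())[endpoint] += 1
    return suspects


def describe(suspects: dict) -> list:
    """One line per suspect; calls out the register/events pattern explicitly."""
    lines = []
    for (host, proc), hits in suspects.items():
        pattern = "command loop (register + events)" if hits["register"] and hits["events"] else "api use"
        lines.append(f"{host} {proc}: {pattern}, hits={dict(hits)}")
    return lines


if __name__ == "__main__":
    for line in describe(find_suspect_zulip_clients(SAMPLE_LOG)):
        print(line)
```

On real data the allow-list is the part that needs care: CI jobs that legitimately post to Zulip should be allowed by host and process, not by dropping `python3` into the list wholesale, or the hunt loses exactly the case it exists for.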

This discovery fits a broader pattern of attacks on Python's ecosystem. PyPI hosts hundreds of thousands of packages with widely varying security standards, and attackers routinely abuse the trust developers place in it by uploading packages with minor naming variations (typosquatting) or by compromising legitimate projects. Because the Python community installs almost everything through package managers, PyPI is a high-value target.

Organizations running Python-based applications face direct risk. Anyone who installed these packages while they were available should treat the affected environments as compromised, not merely uninstall the package. The initial reporting does not say how ZiChatBot persists, so whether it survives a reboot is unknown; the places to check are the usual ones: cron entries, systemd units and shell profile files on Linux, scheduled tasks, Run keys and startup folders on Windows, and on both, .pth files and unexpected modules in site-packages.

Kaspersky did not disclose the specific package names in its initial reporting. For malicious packages, as opposed to vulnerable ones, withholding names mainly hinders defenders, who need them to search lockfiles, requirements files and build logs. However, PyPI likely removed the packages