All Tech Blogs Explore Tags Send Feedback

Endigest

© 2026 Endigest. All rights reserved.

About
Privacy
Terms
Contact
RSS

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux | Endigest

The Hacker News

|Security

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

2026-05-07

1 min read

2

by info@thehackernews.com (The Hacker News)

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Email address

Endigest AI Core Summary

PyPI packages were exploited to deliver ZiChatBot malware through a supply chain attack on Windows and Linux systems.

•Three packages (uuid32-utils, colorinal, termncolor) uploaded July 16-22, 2025, used Zulip REST APIs as C2 infrastructure
•Windows version drops a DLL with auto-run registry persistence; Linux version plants code in /tmp with crontab entries
•Malware executes shellcode and signals success with a heart emoji response
•Kaspersky identified 64% similarity to OceanLotus dropper, indicating possible APT32 involvement

This summary was automatically generated by AI based on the original article and may not be fully accurate.

Related Articles

Building a safe, effective sandbox to enable Codex on Windows

Security·2026-05-15

Mitigate credential exposure in Windows environments with Boundary and Vault

Security·2026-05-14

The Hacker News

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

Security·2026-05-13

The Hacker News

[Webinar] Why Your AppSec Tools Miss the "Lethal Path" (and How to Fix It)

Security·2026-05-13