Cybersecurity researchers have discovered several malicious packages on the Python Package Index (PyPI) that were secretly spreading a new malware family called “ZiChatBot.” The infected packages appeared legitimate but were actually designed to deliver malware to both Windows and Linux systems.
According to security researchers, the malware abused Zulip APIs as its command-and-control infrastructure instead of using traditional attacker-controlled servers. Routing C2 traffic through a legitimate collaboration service let the malicious activity blend in with ordinary API use and made it harder to detect.
The fake packages reportedly included names like uuid32-utils, colorinal, and termncolor. Some of these packages even depended on each other to hide the malicious behavior more effectively. Once installed, the malware could drop harmful files onto the victim’s system and execute hidden code in the background.
Researchers believe this was part of a carefully planned software supply chain attack targeting developers and users who trust open-source repositories. The campaign highlights the growing cybersecurity risks within software package ecosystems like PyPI.
Experts recommend that developers carefully verify packages before installation, monitor dependencies, avoid unknown libraries, and use security scanning tools to reduce supply chain risks. Keeping systems updated and reviewing package behavior before deployment can also help prevent infections.
For advanced cybersecurity protection and digital safety solutions, you can explore IntelligenceX.