cybersecurity researchers have identified three malicious packages uploaded to the Python Package Index (PyPI) repository. These packages are designed to covertly deliver a previously undocumented malware family, dubbed ZiChatBot, targeting both Windows and Linux operating systems.
According to an analysis by Kaspersky, the packages appear to implement the features advertised on their PyPI pages. However, their primary function is to install malicious files without the user’s knowledge. The discovery highlights an ongoing trend of threat actors using trusted open-source repositories to distribute malware.
Malware Distribution Method
The malicious packages use a technique known as typosquatting, where the package names are slight misspellings of popular, legitimate libraries. Once installed, these packages connect to the Zulip API, a legitimate open-source team collaboration platform. The attackers use this connection to receive commands and download additional payloads.
Kaspersky’s investigation found that the ZiChatBot malware is capable of establishing persistent backdoor access to infected systems. On Windows machines, it can execute system commands, steal sensitive data, and download further malicious software. On Linux systems, it similarly provides remote access and control to the attacker.
Technical Analysis
The researchers noted that the malicious wheel packages contain a seemingly normal Python module. When imported, the module executes code that checks the system’s operating system and then establishes a connection to a Zulip server controlled by the threat actor. This server acts as a command-and-control (C2) channel.
Unlike many modern malware families that rely on encrypted or custom C2 protocols, ZiChatBot exploits the legitimate API of Zulip. This makes network detection more difficult, as traffic to Zulip servers may appear benign or work-related. The malware receives configuration commands and payloads through Zulip messages, and exfiltrates data in the same manner.
Targeted Platforms and Capabilities
ZiChatBot’s capabilities vary depending on the target operating system. On Windows, it can manipulate files, capture keystrokes, and take screenshots. It also includes functionality to run shell commands and maintain persistence through scheduled tasks or registry modifications.
On Linux systems, the malware focuses on maintaining remote shell access and executing arbitrary commands. It does not currently include keystroke logging or screenshot capabilities for Linux, but its modular structure suggests these features could be added in future updates.
Implications for Developers and Organizations
The discovery underscores a critical security risk within the software supply chain. Developers who install packages from PyPI without verifying their integrity or origin may inadvertently compromise their systems and networks. Organizations that rely on open-source dependencies are particularly vulnerable.
Security experts recommend that development teams implement strict verification processes for third-party packages. This includes checking package checksums, reviewing source code when possible, and using tools that scan for known malicious signatures. The use of isolated development environments and network monitoring can also help mitigate the damage from such attacks.
Ongoing Risks and Mitigation
As of the time of this report, Kaspersky has notified the PyPI security team about the three malicious packages. The packages have been removed from the repository, but similar threats are expected to emerge. Threat actors continuously adapt their tactics, often using legitimate services like Zulip to evade detection.
Organizations and individual developers are advised to remain vigilant. Implementing policies for package vetting, maintaining up-to-date threat intelligence, and educating developers about typosquatting and social engineering techniques are essential steps. Future attacks will likely continue to exploit the trust inherent in open-source ecosystems.
Source: Kaspersky
