Malicious Packages Exploiting PyPI in Targeted Supply Chain Attack
TL;DR: Recent research by Kaspersky uncovered a series of malicious Python packages uploaded to PyPI, leveraging a supply chain attack to deliver a new malware identified as ZiChatBot. The malware operates without a traditional command and control server, instead utilizing Zulip’s REST API for its operations.
Main Analysis:
The investigation initiated in July 2025 revealed a strategic campaign targeting PyPI users by embedding malicious code within seemingly legitimate Python libraries. These libraries, including uuid32-utils, colorinal, and termncolor, were crafted to mimic popular functionalities, tricking users into installing them. Once these packages were installed, they acted as droppers, deploying the ZiChatBot malware, designed to target both Windows and Linux environments.
Kaspersky’s analysis indicates that these packages were intricately designed, with the malicious payloads hidden within dependencies of other benign packages. The attacker exhibited a sophisticated understanding of Python’s package management, deepening the threat vector through a supply chain mechanism. Images provided in the report illustrate the infection chain, showcasing how a user might inadvertently import the malicious colorinal library, which in turn executes the actual malware.
Once executed, ZiChatBot demonstrates unique command and control mechanics by interfacing with Zulip’s public APIs as opposed to utilizing a more typical server-based communication model. This approach complicates standard detection methods, as the malware masquerades within legitimate API traffic.
Defensive Context:
Organizations relying on Python for application development and deployment need to be particularly vigilant, as developers might unknowingly incorporate compromised packages into their projects. The attack specifically impacts environments that utilize PyPI for package management, particularly those where developers do not rigorously vet dependencies and their sources.
Why This Matters:
The targeted exploitation of popular package repositories illustrates an evolving threat landscape where attackers are leveraging supply chain vulnerabilities to distribute malware. Organizations that heavily depend on Python libraries for development may find themselves at risk unless their software supply chains are rigorously monitored.
Defender Considerations:
Given the nature of this attack, swift identification and prevention strategies should focus on the following malicious packages:
uuid32-utilscolorinaltermncolor
Detection rules may need to be adapted to monitor for unusual interactions with Zulip’s API, especially from Python processes. Further, the implementation of strict vetting processes for third-party libraries can help mitigate exposure.
Indicators of Compromise (IOCs):
- Malicious wheel packages:
uuid32_utils-1.x.x-py3-none-[OS]colorinal-0.1.7-py3-none-[OS]termncolor-3.1.0-py3-none-any
In the face of evolving tactics such as these, continuous education and awareness within the development community are paramount to safeguarding against supply chain threats.
