{ "id": "a47727ac-ff6f-4899-be14-acb4a8e5aad5", "created_at": "2026-05-07T02:42:58.62219Z", "updated_at": "2026-05-07T02:44:10.984096Z", "deleted_at": null, "sha1_hash": "a34957c7b9599da3df50f600fd49edd62131deda", "title": "Securelist | Kaspersky’s threat research and reports", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 1057247, "plain_text": "Securelist | Kaspersky’s threat research and reports\r\nPublished: 2026-04-16 · Archived: 2026-05-07 02:40:26 UTC\r\nKaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and\r\ncontained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT.\r\nThreats\r\nhttps://de.securelist.com/malware-entwicklung-im-ersten-halbjahr-2007/59574/\r\nPage 1 of 5\n\nWebinars\r\nhttps://de.securelist.com/malware-entwicklung-im-ersten-halbjahr-2007/59574/\r\nPage 2 of 5\n\nhttps://de.securelist.com/malware-entwicklung-im-ersten-halbjahr-2007/59574/\r\nPage 3 of 5\n\nRegister to Access All Kaspersky Webinars\r\nKaspersky Security Bulletin contains statistics on various cyberthreats for the period from November 2024 to\r\nOctober 2025, which are based on anonymized data voluntarily provided by Kaspersky users via Kaspersky\r\nSecurity Network (KSN).\r\nReports\r\nKaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and\r\ncontained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT.\r\nhttps://de.securelist.com/malware-entwicklung-im-ersten-halbjahr-2007/59574/\r\nPage 4 of 5\n\nThe Silver Fox group is targeting companies in Russia and India by impersonating tax authorities to distribute\r\nValleyRAT and the new ABCDoor backdoor.\r\nKaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka\r\nMustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.\r\nKaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a\r\nkernel-mode rootkit to deliver and protect a ToneShell backdoor.\r\nSource: https://de.securelist.com/malware-entwicklung-im-ersten-halbjahr-2007/59574/\r\nhttps://de.securelist.com/malware-entwicklung-im-ersten-halbjahr-2007/59574/\r\nPage 5 of 5\n\n https://de.securelist.com/malware-entwicklung-im-ersten-halbjahr-2007/59574/ \nRegister to Access All Kaspersky Webinars \nKaspersky Security Bulletin contains statistics on various cyberthreats for the period from November 2024 to\nOctober 2025, which are based on anonymized data voluntarily provided by Kaspersky users via Kaspersky\nSecurity Network (KSN). \nReports \nKaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and\ncontained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT.\n Page 4 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "origins": [ "web" ], "references": [ "https://de.securelist.com/malware-entwicklung-im-ersten-halbjahr-2007/59574/" ], "report_names": [ "59574" ], "threat_actors": [], "ts_created_at": 1778121778, "ts_updated_at": 1778121850, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/a34957c7b9599da3df50f600fd49edd62131deda.pdf", "text": "https://archive.orkl.eu/a34957c7b9599da3df50f600fd49edd62131deda.txt", "img": "https://archive.orkl.eu/a34957c7b9599da3df50f600fd49edd62131deda.jpg" } }