OceanLotus APT Suspected in PyPI Supply Chain Attack Delivering Novel ZiChatBot Malware

Breaking: OceanLotus Linked to PyPI Supply Chain Attack Spreading ZiChatBot Malware

Researchers at Kaspersky have uncovered a supply chain attack on the Python Package Index (PyPI) that began in July 2025 and that they attribute, with high confidence, to the advanced persistent threat group OceanLotus (also known as APT32 or SeaLotus). The malicious packages, disguised as legitimate Python libraries, drop a previously unseen malware family dubbed ZiChatBot onto both Windows and Linux systems.

Image: OceanLotus APT Suspected in PyPI Supply Chain Attack Delivering Novel ZiChatBot Malware (Source: securelist.com)

“We submitted samples to the Kaspersky Threat Attribution Engine, and based on the results we strongly believe these packages are linked to OceanLotus,” a Kaspersky researcher told reporters. “This was not a haphazard operation—it was meticulously planned to bypass typical security checks.”

Attack Vector: Fake Libraries on PyPI

Three malicious wheel packages were uploaded to PyPI under the project names uuid32-utils, colorinal, and termncolor. Each mimics a popular open-source utility to trick developers into installing it with pip install. The wheels bundle both .DLL and .SO files, so the same package can compromise Windows and Linux hosts.

According to PyPI metadata, uuid32-utils (uploaded July 16 by laz****@tutamail.com) claims to generate 32-character UUIDs, while colorinal and termncolor (uploaded July 22 by sym****@proton.me) purport to handle terminal color formatting. In reality, they function as droppers.

Package Details

  • uuid32_utils – Version 1.x.x, platforms: Windows x86/x64 and Linux x86_64
  • colorinal – Version 0.1.7, same platform support
  • termncolor – Version 3.1.0, platform-agnostic

To further camouflage the attack, the threat actor also published a benign-looking package that declares the malicious one as a dependency, so pip resolves and installs the payload package silently alongside it. A developer who only reviews the package they asked for never sees the one that carries ZiChatBot.
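The two traits described above, a wheel that ships native binaries it loads at import time and a clean-looking wrapper that pulls such a wheel in through Requires-Dist, can be checked offline before anything is installed. The script below is an example added to this article, not Kaspersky's tooling or the real packages: it opens a .whl as the zip archive it is, flags bundled .so/.dll/.pyd files and ctypes loaders in the Python code, and follows declared dependencies so that the wrapper is flagged too. The sample wheels and their names are constructed in memory for the demonstration.

```python
"""Pre-install wheel audit (example added to this article; not Kaspersky's tooling).
Flags wheels that bundle native code and load it from Python, following
Requires-Dist so a clean-looking wrapper that depends on such a wheel is caught."""
import io
import re
import zipfile

NATIVE_EXT = (".so", ".dll", ".pyd", ".dylib")
# Python-side patterns that hand control to a bundled binary or the shell.
LOADER_RE = re.compile(
    r"\bctypes\.(CDLL|WinDLL|cdll|windll)\b|\bos\.(startfile|system)\b|\bsubprocess\."
)
# Captures only the project name from lines such as "Requires-Dist: foo (>=1.0); extra == 'x'".
REQ_RE = re.compile(r"^Requires-Dist:\s*([A-Za-z0-9_.\-]+)", re.M)


def audit_wheel(whl_bytes: bytes) -> dict:
    """Return native files, loader hits and declared dependencies of one wheel."""
    findings = {"native": [], "loaders": [], "requires": []}
    with zipfile.ZipFile(io.BytesIO(whl_bytes)) as z:
        for name in z.namelist():
            lower = name.lower()
            if lower.endswith(NATIVE_EXT):
                findings["native"].append(name)
            elif lower.endswith(".py"):
                src = z.read(name).decode("utf-8", "replace")
                for m in LOADER_RE.finditer(src):
                    findings["loaders"].append(f"{name}: {m.group(0)}")
            elif lower.endswith("/metadata"):  # <name>-<ver>.dist-info/METADATA
                meta = z.read(name).decode("utf-8", "replace")
                findings["requires"] = REQ_RE.findall(meta)
    return findings


def verdict(name: str, wheels: dict) -> str:
    """Classify a package by auditing it and every wheel reachable via Requires-Dist.
    `wheels` maps project name -> wheel bytes (a local download cache in practice)."""
    seen, stack, reasons = set(), [name], []
    while stack:
        pkg = stack.pop()
        if pkg in seen or pkg not in wheels:
            continue
        seen.add(pkg)
        f = audit_wheel(wheels[pkg])
        if f["native"] and f["loaders"]:
            reasons.append(f"{pkg}: loads bundled native code {f['native']}")
        stack.extend(f["requires"])
    return "SUSPICIOUS: " + "; ".join(reasons) if reasons else "no native-loader pattern found"


def _wheel(files: dict) -> bytes:
    """Build a minimal wheel (zip) in memory from path -> content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, data in files.items():
            z.writestr(path, data)
    return buf.getvalue()


# Constructed samples, not the real PyPI packages: a payload wheel, a wrapper that
# depends on it, and a genuinely pure-Python library.
SAMPLE_WHEELS = {
    "payloadlib": _wheel({
        "payloadlib/__init__.py": "import ctypes, os\n"
                                  "_h = ctypes.CDLL(os.path.join(os.path.dirname(__file__), 'libx.so'))\n",
        "payloadlib/libx.so": b"\x7fELF" + b"\x00" * 60,
        "payloadlib/dl.dll": b"MZ" + b"\x00" * 60,
        "payloadlib-0.1.0.dist-info/METADATA": "Metadata-Version: 2.1\nName: payloadlib\nVersion: 0.1.0\n",
    }),
    "wrapperlib": _wheel({
        "wrapperlib/__init__.py": "from payloadlib import *\n",
        "wrapperlib-1.0.0.dist-info/METADATA": "Metadata-Version: 2.1\nName: wrapperlib\nVersion: 1.0.0\n"
                                               "Requires-Dist: payloadlib\n",
    }),
    "cleanlib": _wheel({
        "cleanlib/__init__.py": "def color(s):\n    return '[' + s + ']'\n",
        "cleanlib-2.0.0.dist-info/METADATA": "Metadata-Version: 2.1\nName: cleanlib\nVersion: 2.0.0\n",
    }),
}

if __name__ == "__main__":
    for pkg in SAMPLE_WHEELS:
        print(pkg, "->", verdict(pkg, SAMPLE_WHEELS))
```

Run against wheels downloaded with `pip download --no-deps` (before `pip install`), the check gives a reviewer the same signal the researchers describe: a "terminal color" library has no business shipping an ELF and a PE binary that its `__init__.py` loads at import. Native extensions are legitimate in many packages, so this is a triage filter to be read alongside upload date and author history, not a verdict on its own.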

ZiChatBot: A Stealthy Malware With Unconventional C2

Once delivered, ZiChatBot does not connect to a traditional command-and-control server. Instead, it uses the REST API of Zulip, a legitimate team chat application, to receive operator commands and exfiltrate data. Because the traffic is ordinary HTTPS to a real chat service, it blends in with legitimate activity and evades network-based detection that looks for unknown or newly registered C2 domains.


“Using a legitimate chat platform as C2 infrastructure is a growing trend among advanced adversaries,” explained a Kaspersky malware analyst. “ZiChatBot’s use of Zulip APIs is particularly clever because the traffic appears normal to most security tools.”

Background: OceanLotus and Supply Chain Threats

OceanLotus is a Vietnamese-linked APT group known for targeting government agencies, media outlets, and private companies—particularly in Southeast Asia. The group has previously used spear-phishing and strategic web compromises, but this marks its first publicly identified PyPI supply chain attack.

PyPI has become an attractive vector for attackers because a single malicious package is pulled into every project that depends on it, directly or transitively. Several similar attacks were recorded in 2024, but this campaign stands out for its cross-platform payload and its use of a third-party chat service as C2 infrastructure.

What This Means

This attack underscores the critical importance of software supply chain security. Developers and organizations that rely on open-source packages should verify the authenticity of libraries, check upload dates and author information, pin exact versions with hashes, and install from a vetted internal index rather than pulling unreviewed packages straight from the public index.

“The security community responded quickly—the malicious packages were taken down after we reported them—but the incident proves that even curated repositories remain vulnerable,” the Kaspersky team warned. “We recommend using dependency analyzers and behavioral sandboxes to detect such threats during the CI/CD pipeline.”

Organizations should also monitor for unusual outbound traffic to chat APIs, especially Zulip, as a sign of ZiChatBot infection. Because Zulip is both a hosted service and self-hostable, a domain block list alone is not sufficient; detection rules should also key on the API paths and on which hosts have a legitimate reason to use a chat API at all. The use of public communication platforms as C2 channels is likely to increase, so security teams will need to keep updating such rules.
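A detection sketch for the monitoring recommended above, added to this article as an example rather than taken from Kaspersky or any vendor rule set. It scans web-proxy log lines for Zulip REST API usage: Zulip's API lives under /api/v1/ (register, events, messages, user_uploads) and Zulip Cloud organizations are served from <org>.zulipchat.com, while a self-hosted server is only caught by the path pattern. It then alerts on any client/host pair that is not sanctioned, shows no browser user agent, or long-polls the event queue the way a bot does. The log format, IP addresses, host names and the sanctioned lists are all constructed for the example.

```python
"""Zulip-as-C2 proxy-log detector (example added to this article; not a vendor rule).
Flags Zulip REST API use from clients or to hosts that are not sanctioned, with
no browser user agent, or with bot-like event-queue polling."""
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Real Zulip API endpoints; only the path prefix is matched so self-hosted servers count too.
ZULIP_API_RE = re.compile(r"^/api/v1/(register|events|messages|user_uploads)(/|$|\?)")
BROWSER_UA_RE = re.compile(r"Mozilla/5\.0")
# Assumptions for the example: the org's own Zulip server and the clients allowed to use it.
SANCTIONED_ZULIP_HOSTS = {"chat.example.com"}
SANCTIONED_CLIENTS = {"10.0.5.21"}

# Constructed log format: <ts> <src_ip> <method> <url> <status> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one proxy log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    u = urlsplit(rec["url"])
    rec["host"] = u.hostname or ""
    rec["path"] = u.path + ("?" + u.query if u.query else "")
    return rec


def is_zulip_api(rec):
    return rec["host"].endswith(".zulipchat.com") or bool(ZULIP_API_RE.match(rec["path"]))


def detect(lines, poll_threshold=3):
    """Return {(src, host): [reasons]} for Zulip API traffic worth an analyst's attention.
    poll_threshold counts /api/v1/events long-polls: a bot re-issues them continuously,
    while a person's client keeps a single one open."""
    hits = defaultdict(list)
    polls = Counter()
    for line in lines:
        rec = parse_line(line)
        if not rec or not is_zulip_api(rec):
            continue
        key = (rec["src"], rec["host"])
        if rec["path"].startswith("/api/v1/events"):
            polls[key] += 1
        hits[key].append(rec)
    alerts = {}
    for key, recs in hits.items():
        src, host = key
        reasons = []
        if host not in SANCTIONED_ZULIP_HOSTS:
            reasons.append(f"unsanctioned Zulip host {host}")
        if src not in SANCTIONED_CLIENTS:
            reasons.append(f"client {src} not approved for chat API use")
        if not any(BROWSER_UA_RE.search(r["ua"]) for r in recs):
            reasons.append("no browser user agent on any request")
        if polls[key] >= poll_threshold:
            reasons.append(f"{polls[key]} event-queue polls (bot-like)")
        if reasons:
            alerts[key] = reasons
    return alerts


# Constructed proxy log: one sanctioned human user, one Linux build host beaconing
# to a Zulip Cloud organization the company does not use, plus unrelated traffic.
SAMPLE_LOG = """\
2025-07-23T08:00:01Z 10.0.5.21 GET https://chat.example.com/api/v1/events?queue_id=a1&last_event_id=10 200 "Mozilla/5.0 (Windows NT 10.0) Chrome/126.0"
2025-07-23T08:00:02Z 10.0.5.21 POST https://chat.example.com/api/v1/messages 200 "Mozilla/5.0 (Windows NT 10.0) Chrome/126.0"
2025-07-23T08:00:05Z 10.0.9.77 POST https://acme-ops.zulipchat.com/api/v1/register 200 "python-requests/2.32.3"
2025-07-23T08:00:06Z 10.0.9.77 GET https://acme-ops.zulipchat.com/api/v1/events?queue_id=q9&last_event_id=-1 200 "python-requests/2.32.3"
2025-07-23T08:00:36Z 10.0.9.77 GET https://acme-ops.zulipchat.com/api/v1/events?queue_id=q9&last_event_id=0 200 "python-requests/2.32.3"
2025-07-23T08:01:06Z 10.0.9.77 GET https://acme-ops.zulipchat.com/api/v1/events?queue_id=q9&last_event_id=1 200 "python-requests/2.32.3"
2025-07-23T08:01:07Z 10.0.9.77 POST https://acme-ops.zulipchat.com/api/v1/user_uploads 200 "python-requests/2.32.3"
2025-07-23T08:01:09Z 10.0.9.77 GET https://pypi.org/simple/requests/ 200 "pip/24.0"
""".splitlines()

if __name__ == "__main__":
    for (src, host), reasons in detect(SAMPLE_LOG).items():
        print(f"ALERT {src} -> {host}: " + "; ".join(reasons))
```

The sanctioned user's traffic produces no alert; the build host does, on all four grounds. In production the sanctioned lists come from the asset inventory, and the per-client polling count is the signal that survives even when the adversary runs a self-hosted Zulip on a domain no block list has seen.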
