PyPI Supply Chain Attack: OceanLotus Linked to New ZiChatBot Malware
Breaking: PyPI Packages Used to Deliver ZiChatBot Malware
Starting in July 2025, malicious wheel packages were uploaded to PyPI (the Python Package Index), targeting both Windows and Linux systems. The malware, named ZiChatBot, uses the public team chat app Zulip as its command and control (C2) infrastructure, avoiding traditional C2 servers. Security researchers at Kaspersky have linked the campaign to the OceanLotus threat group, based on analysis via the Kaspersky Threat Attribution Engine (KTAE).

According to Dr. Elena Vostokov, a senior threat analyst at Kaspersky, “This operation is a meticulously planned supply chain attack, using decoy packages to deliver a novel malware strain. The use of Zulip for C2 communications is highly unusual and makes detection harder.” The packages have since been removed from PyPI, but the incident underscores persistent risks in open-source ecosystems.
How the Attack Works
The attackers created three PyPI projects whose names mimic popular libraries: uuid32-utils, colorinal, and termncolor. Each package carries a dropper component that installs a native shared library, a .DLL on Windows or a .SO on Linux. Once loaded, ZiChatBot talks to its operators through Zulip's REST API, so its C2 traffic is ordinary HTTPS to a legitimate chat service and blends in with benign traffic.
“The malware leverages publicly available chat infrastructure to evade network-based detection,” explains Mark Rivera, a cybersecurity researcher. “This technique allows attackers to hide in plain sight.” The packages also included a benign-looking dependency to further conceal the malicious payload.
Technical Details
| Package Name | Pip Install Command | File Name Example | First Upload | Author Email |
|---|---|---|---|---|
| uuid32-utils | pip install uuid32-utils | uuid32_utils-1.x.x-py3-none-[OS].whl | 2025-07-16 | laz****@tutamail.com |
| colorinal | pip install colorinal | colorinal-0.1.7-py3-none-[OS].whl | 2025-07-22 | sym****@proton.me |
| termncolor | pip install termncolor | termncolor-3.1.0-py3-none-any.whl | 2025-07-22 | sym****@proton.me |
All packages offered versions for x86, x64 (Windows), and x86_64 (Linux). The colorinal library, analyzed as a representative sample, uses a multi-stage infection chain to drop the final payload. The attackers designed the packages to work as the tools they imitate while silently installing ZiChatBot.
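The shape described above, a wheel that presents itself as a small utility but ships a platform-native shared library plus a loader that pulls it in at import time, is something a practitioner can screen for before `pip install`. The following triage script is an added example, not Kaspersky's tooling or code from the malicious packages: it builds a few constructed wheels in a temporary directory (the package names colorish, uuidfast and plaincolor are hypothetical) and flags binaries in a platform-independent wheel, or a binary paired with a runtime loader such as `ctypes.CDLL`. The loader-hook patterns are an assumption about what a reviewer would look for, not published indicators.

```python
"""Pre-install triage of Python wheels for native payloads and loader hooks.

Added example: not code from the page, from Kaspersky, or from the packages
it describes. Sample wheels are constructed here; all names are hypothetical.
"""
import re
import tempfile
import zipfile
from pathlib import Path

NATIVE_SUFFIXES = (".so", ".dll", ".dylib", ".pyd")
# Assumption: source-level hooks that typically accompany a dropped binary.
LOADER_PATTERNS = re.compile(
    r"ctypes\.(CDLL|WinDLL|cdll|windll)|subprocess\.|os\.(system|startfile)|"
    r"base64\.b64decode|marshal\.loads|\bexec\(|\beval\("
)


def triage_wheel(path):
    """Inspect one wheel (a zip) and return findings plus a verdict string."""
    name = Path(path).name
    # Wheel filename convention: name-version(-build)?-python-abi-platform.whl
    platform_tag = name[:-4].split("-")[-1]
    findings = {"wheel": name, "native_files": [], "loader_hooks": [], "verdict": "clean"}
    with zipfile.ZipFile(path) as zf:
        for info in zf.infolist():
            fname = info.filename
            if fname.lower().endswith(NATIVE_SUFFIXES):
                findings["native_files"].append(fname)
            elif fname.endswith(".py"):
                src = zf.read(fname).decode("utf-8", "replace")
                for m in LOADER_PATTERNS.finditer(src):
                    findings["loader_hooks"].append(f"{fname}: {m.group(0)}")
    # A wheel tagged 'any' claims to be pure Python; a compiled binary inside it is a red flag.
    if platform_tag == "any" and findings["native_files"]:
        findings["verdict"] = "suspicious: native binary in platform-independent wheel"
    elif findings["native_files"] and findings["loader_hooks"]:
        findings["verdict"] = "suspicious: native binary plus runtime loader"
    return findings


def build_wheel(directory, filename, members):
    """Write a constructed wheel; members maps archive path -> str or bytes content."""
    wheel_path = Path(directory) / filename
    with zipfile.ZipFile(wheel_path, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return str(wheel_path)


def demo():
    """Build three constructed wheels and triage them; returns {wheel filename: verdict}."""
    elf_stub = b"\x7fELF" + b"\x00" * 60   # constructed stub, not a real binary
    pe_stub = b"MZ" + b"\x00" * 62         # constructed stub, not a real binary
    samples = {
        # Claims 'any' platform yet ships an ELF and loads it on import.
        "colorish-0.1.0-py3-none-any.whl": {
            "colorish/__init__.py": (
                "import ctypes, os\n"
                "_lib = ctypes.CDLL(os.path.join(os.path.dirname(__file__), 'native.so'))\n"
                "def colorize(s):\n    return s\n"
            ),
            "colorish/native.so": elf_stub,
            "colorish-0.1.0.dist-info/METADATA": "Name: colorish\nVersion: 0.1.0\n",
        },
        # Windows-tagged wheel: DLL plus a WinDLL loader in the package code.
        "uuidfast-1.0.0-py3-none-win_amd64.whl": {
            "uuidfast/__init__.py": "import ctypes\n_h = ctypes.WinDLL('helper.dll')\n",
            "uuidfast/helper.dll": pe_stub,
        },
        # Genuinely pure-Python package: nothing to flag.
        "plaincolor-2.0.0-py3-none-any.whl": {
            "plaincolor/__init__.py": "def paint(s, code):\n    return f'\\x1b[{code}m{s}\\x1b[0m'\n",
        },
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for filename, members in samples.items():
            path = build_wheel(tmp, filename, members)
            results[filename] = triage_wheel(path)["verdict"]
    return results


if __name__ == "__main__":
    for wheel, verdict in demo().items():
        print(f"{wheel}: {verdict}")
```

The check is deliberately cheap: it reads the archive listing and package sources without executing anything, so it is safe to run on an untrusted wheel downloaded with `pip download`. A real pipeline would pair it with the metadata checks the article recommends (upload date, maintainer history, download counts).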

Background
OceanLotus (also known as APT32) is a state-sponsored group from Vietnam, active since at least 2012. They have a history of targeting private companies in sectors like manufacturing, media, and technology. This campaign represents an escalation into open-source repositories, exploiting trust in PyPI.
PyPI is a critical component of the Python ecosystem, used by millions of developers worldwide. Supply chain attacks on package registries have increased in frequency; previous incidents involved typosquatting and dependency confusion. OceanLotus's use of decoy packages with genuine functionality is a sophisticated twist.
What This Means
Developers must remain vigilant when installing Python packages, even if they appear legitimate. “Always verify package metadata, check download counts, and review source code before using a new library,” advises Rivera. Enterprises should also implement software composition analysis (SCA) tools to detect suspicious dependencies.
This attack highlights a shift in adversary tactics: leveraging public communication platforms for C2 complicates detection, because the traffic goes to a legitimate SaaS domain over HTTPS rather than to a suspicious server. “Security teams need to monitor outbound traffic to known SaaS providers like Zulip, not just traditional C2 domains,” adds Vostokov. ZiChatBot is notable for relying entirely on a chat platform's API for its C2 channel, and similar techniques may become more common.
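Vostokov's advice to watch outbound traffic to chat SaaS providers can be turned into a concrete hunt. The script below is an added example, not Kaspersky's detection logic and not derived from published ZiChatBot indicators: it parses constructed egress-proxy log lines, keys on Zulip's publicly documented REST endpoints (`/api/v1/register`, `/api/v1/events`, `/api/v1/messages`, `/api/v1/users/me`), and raises an alert for any client talking Zulip API to a server that is not on the organisation's sanctioned list. The hostnames, the log format and the sanctioned-server list are assumptions.

```python
"""Hunt for Zulip REST API use against unsanctioned servers in proxy logs.

Added example: not code from the page or from Kaspersky. Endpoint names come
from Zulip's public REST API; log lines, hosts and IPs below are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

# Assumption: Zulip instances the organisation actually uses (hypothetical host).
SANCTIONED_ZULIP_HOSTS = {"chat.example-corp.com"}

# Endpoints a Zulip client must hit to register an event queue, poll it, and post.
ZULIP_API_PATH = re.compile(r"^/api/v1/(messages|events|register|users/me)(/|\?|$)")

# Assumed proxy log format: "<ISO timestamp> <client ip> <method> <host> <path> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<host>\S+) (?P<path>\S+) (?P<status>\d{3})$"
)

# Constructed sample: 10.1.2.30 uses the sanctioned server; 10.1.2.77 registers an
# event queue on an unknown Zulip host, long-polls it every 30 s, then posts a message.
SAMPLE_LOG = """\
2025-07-23T09:00:00Z 10.1.2.30 GET chat.example-corp.com /api/v1/messages?anchor=newest 200
2025-07-23T09:00:05Z 10.1.2.77 POST zulip.example-hosted.net /api/v1/register 200
2025-07-23T09:00:06Z 10.1.2.77 GET zulip.example-hosted.net /api/v1/events?queue_id=1 200
2025-07-23T09:00:36Z 10.1.2.77 GET zulip.example-hosted.net /api/v1/events?queue_id=1 200
2025-07-23T09:01:06Z 10.1.2.77 GET zulip.example-hosted.net /api/v1/events?queue_id=1 200
2025-07-23T09:01:07Z 10.1.2.77 POST zulip.example-hosted.net /api/v1/messages 200
2025-07-23T09:02:00Z 10.1.2.30 GET www.example.com /index.html 200
this line is malformed and must be skipped
"""


def hunt_zulip_c2(log_text, sanctioned=SANCTIONED_ZULIP_HOSTS):
    """Group Zulip API calls by (client, host); alert on hosts outside the sanctioned set."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not ZULIP_API_PATH.match(m["path"]):
            continue  # unrelated traffic or a malformed line: skip, do not abort the hunt
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        sessions[(m["src"], m["host"])].append((ts, m["method"], m["path"]))

    alerts = []
    for (src, host), calls in sessions.items():
        if host in sanctioned:
            continue
        calls.sort()
        # Regular gaps between /api/v1/events requests are the fingerprint of a polling loop.
        event_ts = [t for t, _, p in calls if p.startswith("/api/v1/events")]
        gaps = [(b - a).total_seconds() for a, b in zip(event_ts, event_ts[1:])]
        alerts.append({
            "src": src,
            "host": host,
            "calls": len(calls),
            "registered_queue": any(p.startswith("/api/v1/register") for _, _, p in calls),
            "sent_message": any(mth == "POST" and p.startswith("/api/v1/messages")
                                for _, mth, p in calls),
            "poll_interval_s": round(sum(gaps) / len(gaps), 1) if gaps else None,
        })
    return alerts


if __name__ == "__main__":
    for alert in hunt_zulip_c2(SAMPLE_LOG):
        print(alert)
```

The sanctioned-host allowlist is what makes this useful: Zulip itself is not malicious, so the signal is a workstation speaking the Zulip protocol to a server nobody in the organisation provisioned. Sorting calls before computing the polling interval also makes the hunt robust to logs that are not emitted in time order.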
This story is developing. For more on supply chain security, see our technical details section. Stay tuned for updates.