Breaking: OceanLotus Suspected in Sophisticated PyPI Supply Chain Attack Delivering Novel ZiChatBot Malware
Breaking News: PyPI Supply Chain Attack Targets Windows and Linux with ZiChatBot Malware
Researchers have uncovered a carefully orchestrated supply chain attack on PyPI (Python Package Index) that began in July 2025, with suspected links to the notorious OceanLotus threat group (APT32). The malicious wheel packages, disguised as legitimate libraries, deliver a previously unknown malware family dubbed ZiChatBot that weaponizes the popular team chat app Zulip for command and control.

"This is not a run-of-the-mill typosquatting campaign; it’s a precise, multi-platform attack that exploits trust in open-source repositories," said a Kaspersky threat researcher who analyzed the samples via the Kaspersky Threat Attribution Engine (KTAE). The findings were shared with the security community, leading to prompt removal of the packages from PyPI.
Unlike traditional malware that relies on dedicated C2 servers, ZiChatBot uses REST APIs from Zulip, a legitimate chat platform, to receive commands. This technique makes detection far more challenging for network defenders.
Background: OceanLotus’s Evolving Tactics
OceanLotus, also known as APT32 or SeaLotus, is a Vietnamese state-sponsored group infamous for cyber-espionage campaigns targeting governments, media, and private sector entities across Southeast Asia and beyond. The group has a history of leveraging supply chain attacks, but this PyPI campaign marks a novel shift toward abusing open-source package repositories.
"Attributing this to OceanLotus is based on behavioral similarities and infrastructure matches," the researcher explained. "The use of Zulip as a C2 channel aligns with their pattern of blending into everyday internet traffic."
What This Means for Cybersecurity
The attack underscores a growing trend: threat actors exploiting public package managers to infiltrate development pipelines. With enterprise software increasingly relying on open-source dependencies, a single compromised package can propagate malware across thousands of systems.
"Developers must treat every third-party library as a potential threat vector," warned a senior security analyst at a leading firm. "The ZiChatBot dropper can load both Windows DLLs and Linux shared objects, meaning no environment is safe."
Furthermore, ZiChatBot’s ability to hijack a legitimate service like Zulip for C2 complicates traditional traffic analysis. Security teams must now monitor for anomalous API calls to chat platforms, not just suspicious IPs.
Technical Details: The Attack Chain
Spreading via Fake Libraries
Attackers uploaded three malicious wheel packages to PyPI, each closely mimicking popular libraries to trick developers into installing them:
- uuid32-utils (first upload July 16, 2025, by laz****@tutamail.com)
- colorinal (July 22, 2025, by sym****@proton.me)
- termncolor (July 22, 2025, by sym****@proton.me)
All packages were available for Windows (x86, x64) and Linux (x86_64), as shown on their PyPI download pages. For instance, colorinal promised cross-platform terminal text coloring but secretly acted as a dropper.

Infection Mechanism
When a developer installs one of these packages (e.g., via pip install colorinal), the wheel file executes code that functions as a dropper. It delivers a hidden payload—either a .DLL on Windows or a .SO on Linux—which installs ZiChatBot on the system.
To further conceal the attack, the threat actors created a benign-looking package that includes the malicious one as a dependency. This ensures that even developers who only install the “clean” package inadvertently pull in the malware.
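The two checks a defender wants from the passages above are (1) whether a wheel, or any of its declared dependencies, is one of the three package names reported in this article, and (2) whether a supposedly pure-Python helper library ships native binaries (.dll/.so) that could act as the dropper payload. The following Python is an added example written for this page, not Kaspersky's tooling or anything from the packages themselves; the sample wheel it builds (nicelib, depending on colorinal) is a constructed stand-in, and the analysis relies only on the standard library's zipfile and email header parser, since a wheel is a zip archive whose METADATA file uses RFC 822 headers.

```python
from __future__ import annotations

import io
import re
import zipfile
from email.parser import Parser

# Package names reported in the article (July 2025 PyPI campaign).
FLAGGED_PACKAGES = {"uuid32-utils", "colorinal", "termncolor"}

# Native binary suffixes that a terminal-colouring or UUID helper has no reason to ship.
NATIVE_SUFFIXES = (".dll", ".so", ".pyd", ".dylib")


def normalize(name: str) -> str:
    """Normalize a distribution name the way PyPI does (PEP 503)."""
    return re.sub(r"[-_.]+", "-", name).lower()


def dependency_names(metadata_text: str) -> list[str]:
    """Extract normalized distribution names from Requires-Dist headers of a METADATA file."""
    msg = Parser().parsestr(metadata_text)
    names = []
    for req in msg.get_all("Requires-Dist", []):
        # A requirement starts with the name; version specifiers and markers follow.
        m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", req)
        if m:
            names.append(normalize(m.group(1)))
    return names


def inspect_wheel(wheel_bytes: bytes) -> dict:
    """Report the wheel's name, flagged dependencies and bundled native binaries."""
    result = {"name": None, "flagged_deps": [], "native_files": []}
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for info in zf.infolist():
            lower = info.filename.lower()
            if lower.endswith(NATIVE_SUFFIXES):
                result["native_files"].append(info.filename)
            if lower.endswith(".dist-info/metadata"):
                meta = zf.read(info.filename).decode("utf-8", errors="replace")
                result["name"] = normalize(Parser().parsestr(meta).get("Name", ""))
                result["flagged_deps"] = [
                    d for d in dependency_names(meta) if d in FLAGGED_PACKAGES
                ]
    # The wheel is suspicious if it is a flagged package itself or pulls one in as a dependency.
    result["suspicious"] = bool(result["flagged_deps"]) or result["name"] in FLAGGED_PACKAGES
    return result


def build_sample_wheel() -> bytes:
    """Construct a stand-in wheel showing the 'clean package depends on malicious one' pattern."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("nicelib/__init__.py", "def hello():\n    return 'hi'\n")
        # Constructed stub bytes, not real code: only the file name matters to the check.
        zf.writestr("nicelib/_native.so", b"\x7fELF" + b"\x00" * 16)
        zf.writestr(
            "nicelib-0.1.dist-info/METADATA",
            "Metadata-Version: 2.1\nName: nicelib\nVersion: 0.1\n"
            "Requires-Dist: colorinal (>=0.1)\n",
        )
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_wheel(build_sample_wheel()))
```

To run this against real artifacts, feed `inspect_wheel` the bytes of a downloaded .whl before installing it (pip download leaves the file on disk). A native file inside a wheel is not proof of malice on its own; the signal here is the combination of an unexpected binary with a dependency on one of the names above.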
ZiChatBot: A Stealthy C2 Framework
ZiChatBot is not just another piece of malware; it’s a framework that uses Zulip’s public REST APIs to receive tasks and exfiltrate data. No dedicated C2 server is needed—everything is routed through Zulip channels, making traffic blend in with normal chat activity.
"This approach is both ingenious and dangerous," noted the Kaspersky researcher. "We’re entering an era where attackers weaponize trusted platforms against us."
Security teams should review their open-source dependency lists for any of the three fake packages (see the list above) and monitor for unusual Zulip API calls from endpoints. The full technical analysis is available from Kaspersky’s Threat Intelligence team.
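The monitoring advice above, as an added example that is not part of the original article or of Kaspersky's analysis: the script below runs over constructed proxy log lines (the line format is this example's own, not any vendor's) and flags hosts whose non-chat-client processes call Zulip REST endpoints, then scores how regular the request timing is, since a bot polling for tasks tends to produce even gaps while a human client does not. It assumes Zulip's REST API lives under the `/api/v1/` path and that cloud-hosted realms sit under zulipchat.com; self-hosted Zulip servers would need their hostnames added.

```python
from __future__ import annotations

import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log lines for this example (not real telemetry).
SAMPLE_LOG = """\
2025-07-23T10:00:00Z host=dev-01 proc=zulip.exe dst=acme.zulipchat.com uri=/api/v1/events method=GET
2025-07-23T10:00:05Z host=dev-02 proc=python.exe dst=acme.zulipchat.com uri=/api/v1/messages method=GET
2025-07-23T10:00:35Z host=dev-02 proc=python.exe dst=acme.zulipchat.com uri=/api/v1/messages method=GET
2025-07-23T10:01:05Z host=dev-02 proc=python.exe dst=acme.zulipchat.com uri=/api/v1/messages method=GET
2025-07-23T10:01:35Z host=dev-02 proc=python.exe dst=acme.zulipchat.com uri=/api/v1/messages method=POST
2025-07-23T10:02:00Z host=dev-03 proc=python.exe dst=pypi.org uri=/simple/requests/ method=GET
2025-07-23T10:02:10Z host=dev-04 proc=firefox.exe dst=acme.zulipchat.com uri=/api/v1/users/me method=GET
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) proc=(?P<proc>\S+) dst=(?P<dst>\S+) "
    r"uri=(?P<uri>\S+) method=(?P<method>\S+)$"
)

# Processes expected to talk to Zulip's REST API (desktop client, browsers). Tune per organisation.
ALLOWED_CLIENTS = {"zulip.exe", "zulip", "firefox.exe", "chrome.exe", "msedge.exe"}


def is_zulip_api(dst: str, uri: str) -> bool:
    """True when the request targets a Zulip REST endpoint on a cloud-hosted realm (assumption)."""
    return dst.endswith(".zulipchat.com") and uri.startswith("/api/v1/")


def parse_log(text: str):
    """Yield one dict per well-formed log line, with the timestamp parsed."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield rec


def find_suspicious_zulip_clients(text: str, min_requests: int = 3) -> list[dict]:
    """Flag (host, process) pairs that call Zulip API endpoints from a non-client process."""
    by_pair = defaultdict(list)
    for rec in parse_log(text):
        if is_zulip_api(rec["dst"], rec["uri"]) and rec["proc"] not in ALLOWED_CLIENTS:
            by_pair[(rec["host"], rec["proc"])].append(rec)

    alerts = []
    for (host, proc), recs in by_pair.items():
        if len(recs) < min_requests:
            continue
        times = sorted(r["ts"] for r in recs)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        jitter = statistics.pstdev(gaps) if len(gaps) > 1 else 0.0
        alerts.append({
            "host": host,
            "process": proc,
            "requests": len(recs),
            "mean_gap_s": statistics.mean(gaps),
            "gap_stdev_s": jitter,
            # Near-constant gaps across several requests look like task polling.
            "regular_polling": len(gaps) >= 2 and jitter < 2.0,
            # POSTs to the API from a script may carry exfiltrated data.
            "uploads": sum(r["method"] == "POST" for r in recs),
        })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_zulip_clients(SAMPLE_LOG):
        print(alert)
```

In the sample, only dev-02 is reported: python.exe polls /api/v1/messages every 30 seconds and makes one POST, while the desktop client and browser traffic is allow-listed. The process name is the weakest part of this signal, since a script can be renamed, so in production the same logic is better keyed on whichever process identity the proxy or EDR can vouch for.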
Timeline and Response
- July 2025: Malicious packages uploaded to PyPI.
- Detection: Discovered during daily threat hunting by Kaspersky researchers.
- Disclosure: Shared with public security community and PyPI administrators.
- Removal: Packages removed from PyPI; samples submitted to KTAE for attribution.
PyPI maintainers have deleted the offending packages, but users who installed them between July 16 and July 23, 2025, should immediately scan their systems for ZiChatBot indicators. The threat remains active; variants could emerge on other package indexes.