OceanLotus Hackers Suspected in PyPI Supply Chain Attack Deploying Novel ZiChatBot Malware


Breaking: OceanLotus Suspected in PyPI Supply Chain Attack

A sophisticated supply chain attack on the Python Package Index (PyPI) has been linked to the notorious OceanLotus threat group, according to new research. The attackers uploaded malicious wheel packages starting in July 2025 that deliver a previously unknown malware family dubbed ZiChatBot. Instead of a traditional command-and-control (C2) server, ZiChatBot abuses REST APIs from the public team chat app Zulip.

Source: securelist.com

“The packages are carefully crafted to mimic popular libraries, but their true purpose is to drop DLL or SO files on target systems,” said a senior threat analyst at Kaspersky. “We submitted samples to our Threat Attribution Engine, and the findings strongly suggest involvement by OceanLotus.” The campaign is believed to be a deliberate, multi-platform attack targeting both Windows and Linux environments.

Background: OceanLotus and PyPI Threats

OceanLotus, also known as APT32 or SeaLotus, is a state-sponsored hacking group active since at least 2012. The group has traditionally targeted government, media, and private-sector entities in Southeast Asia, often using phishing and supply chain compromises. PyPI, a critical repository for Python developers, has increasingly become a vector for such attacks.

“Attackers routinely register packages with names similar to legitimate ones to trick developers,” explained a cybersecurity researcher at Recorded Future. “This OceanLotus campaign is alarming because it uses a multi-stage dropper that adapts to the target platform.” The malicious packages found include uuid32-utils, colorinal, and termncolor, each uploaded by accounts with protonmail or tutamail addresses.

Technical Details: The Malicious Packages

Three PyPI projects were used in the attack: uuid32-utils (first uploaded July 16, 2025), and colorinal and termncolor (both uploaded July 22, 2025). The packages ship Windows x86/x64 and Linux x86_64 builds. All are wheel packages that install legitimate-looking functionality while secretly dropping the ZiChatBot payload.


“The infection chain is similar between uuid32-utils and colorinal,” the Kaspersky analyst noted. “Once installed, the legitimate features execute, but the package also deploys a hidden DLL or shared library.” The dropper then loads ZiChatBot, which communicates with Zulip’s REST APIs—making detection harder because traffic appears to be normal chat activity.

What This Means for Developers and Organizations

Developers who download and install any of the three fake packages may have unknowingly compromised their systems. The ZiChatBot malware can persist, steal data, or act as a backdoor. Because it uses Zulip APIs, it bypasses traditional network monitoring focused on dedicated C2 servers.

“Organizations should immediately review their Python dependency lists for these package names,” urged a security engineer from PyPI’s abuse team. “If found, treat the system as compromised and conduct a full forensic audit.” The malicious packages have been removed from PyPI, but anyone who installed them earlier remains at risk.
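One way to act on that advice, as an added example that is not code from the report or the article: a Python check that normalizes project names the way PyPI does (PEP 503), so spelling variants such as uuid32_utils or TermNColor are still caught, and that scans both a requirements file and the distributions installed in the current environment. The sample requirements file is constructed for the demonstration.

```python
import re
from importlib import metadata

# Package names the article reports as malicious; the sample file below is constructed.
MALICIOUS_PACKAGES = {"uuid32-utils", "colorinal", "termncolor"}

def normalize(name: str) -> str:
    """PEP 503 normalization: lower-case and collapse runs of '-', '_', '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

# Project name at the start of a requirement line (before specifiers, extras, markers).
_REQ_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)")
# Project name carried in a VCS/URL requirement's '#egg=' fragment.
_EGG = re.compile(r"[#&]egg=([A-Za-z0-9._-]+)")

def flagged_requirements(lines):
    """Return (line_number, name_as_written) for each line naming a reported package."""
    bad = {normalize(p) for p in MALICIOUS_PACKAGES}
    hits = []
    for lineno, line in enumerate(lines, start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        # pip option lines (-e, -r, ...) start with '-', so only the egg fragment can match them
        m = _EGG.search(stripped) or _REQ_NAME.match(stripped)
        if m and normalize(m.group(1)) in bad:
            hits.append((lineno, m.group(1)))
    return hits

def flagged_installed():
    """Check distributions installed in the current environment against the same names."""
    bad = {normalize(p) for p in MALICIOUS_PACKAGES}
    names = (d.metadata.get("Name") or "" for d in metadata.distributions())
    return sorted({n for n in names if n and normalize(n) in bad})

# Constructed sample requirements file mixing benign lines with the reported names.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
# colour helpers
TermNColor>=1.0 ; python_version >= "3.8"
uuid32_utils
colorama
-e git+https://example.invalid/repo.git#egg=colorinal
"""

if __name__ == "__main__":
    for lineno, pkg in flagged_requirements(SAMPLE_REQUIREMENTS.splitlines()):
        print(f"line {lineno}: {pkg} matches a package named in the report")
    for pkg in flagged_installed():
        print(f"installed: {pkg}")
```

A hit only shows that a dependency by that name is declared or installed; the article's advice is to then treat the host as compromised and audit it rather than simply uninstalling the package.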

The attack also highlights the growing sophistication of PyPI supply chain attacks. “This is not a simple typosquatting trick; the threat actors built convincing libraries with real features,” emphasized the Kaspersky analyst. “Developers must vet every dependency, even those that appear legitimate.”
