PyPI Supply Chain Attack Linked to OceanLotus Delivers New 'ZiChatBot' Malware Using Chat App for C2
Breaking News — A sophisticated supply chain attack on the Python Package Index (PyPI) has been linked to the notorious OceanLotus threat group, delivering a previously unknown malware called ZiChatBot that repurposes the Zulip team chat app as its command-and-control (C2) infrastructure, according to research released today by Kaspersky.
Since July 2025, attackers uploaded three malicious wheel packages mimicking popular libraries — uuid32-utils, colorinal, and termncolor — which act as droppers for ZiChatBot. The malware targets both Windows (.DLL) and Linux (.SO) platforms, using REST APIs from Zulip instead of a dedicated C2 server.
“Our analysis via the Kaspersky Threat Attribution Engine strongly suggests these packages are linked to OceanLotus,” said a Kaspersky researcher. “This is a carefully planned and executed PyPI supply chain attack designed to slip past traditional defenses.”
Background
OceanLotus (also known as APT32) is a state-sponsored threat group active since at least 2012, known for targeting government, media, and private sector entities in Southeast Asia. The group has previously used supply chain attacks and custom malware to compromise victims.

PyPI, the official third-party software repository for Python, has been increasingly targeted by attackers seeking to distribute malicious packages disguised as legitimate libraries. The recent attacks highlight the ongoing risk to developers who rely on open-source repositories without rigorous vetting.
Technical Details
The attackers created three projects on PyPI. The first, uuid32-utils, was uploaded on July 16 under the author name laz**** (laz****@tutamail.com). Two more — colorinal and termncolor — followed on July 22, linked to email sym****@proton.me.

To further obfuscate the attack, the threat actor uploaded a benign-looking package that lists the malicious one as a dependency. “This shows the group’s sophistication in cover and delivery,” the researcher added.
The packages genuinely implement the features described on their PyPI pages (e.g., generating UUIDs or colorizing terminal text), but their true purpose is to silently drop ZiChatBot. Unlike typical malware that communicates with a single C2 server, ZiChatBot issues calls to the public REST API of Zulip, a free team chat application, so its traffic resembles ordinary use of a chat service and is harder to detect.
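The delivery chain above combines two tells a dependency review can catch: a cover package that pulls in one of the reported names through `Requires-Dist`, and a pure-Python "utility" wheel that ships a native `.dll`/`.so` payload. The script below is an added example written for this article, not code from Kaspersky or from the packages themselves. It builds a few throwaway wheels in memory (constructed sample input, not the real artifacts) and audits them for both signs; the only values taken from the report are the three package names.

```python
"""Audit wheel files for (a) dependencies on the package names from the
report and (b) bundled native binaries that a small pure-Python helper
(UUID generation, terminal colours) has no reason to ship.
Added example; the wheels it inspects are constructed in memory."""
import io
import re
import zipfile

# Names taken from the report. Compared after PEP 503 normalisation.
KNOWN_MALICIOUS = {"uuid32-utils", "colorinal", "termncolor"}
NATIVE_EXT = (".dll", ".so", ".pyd", ".dylib")

NAME_RE = re.compile(r"^Name:\s*(\S+)", re.M)
REQ_RE = re.compile(r"^Requires-Dist:\s*([A-Za-z0-9][A-Za-z0-9._-]*)", re.M)


def normalize(name):
    """PEP 503 name normalisation: runs of - _ . become '-', lowercase."""
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_wheel(data):
    """Return a list of (finding, detail) tuples for one wheel given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        # Package metadata lives in <dist>-<version>.dist-info/METADATA
        for mf in (n for n in names if n.endswith(".dist-info/METADATA")):
            meta = zf.read(mf).decode("utf-8", "replace")
            for dist in NAME_RE.findall(meta):
                if normalize(dist) in KNOWN_MALICIOUS:
                    findings.append(("malicious-package-name", normalize(dist)))
            # Catches the "benign" cover package that lists the dropper as a dependency
            for dep in REQ_RE.findall(meta):
                if normalize(dep) in KNOWN_MALICIOUS:
                    findings.append(("malicious-dependency", normalize(dep)))
        # A colour/UUID helper should be pure Python; a bundled binary deserves a look
        for n in names:
            if n.lower().endswith(NATIVE_EXT):
                findings.append(("bundled-native-binary", n))
    return findings


def build_wheel(dist, version, files, requires=()):
    """Construct a minimal wheel in memory. Sample input only; these are
    not real packages and the file names are made up for the example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in files.items():
            zf.writestr(path, content)
        meta = f"Metadata-Version: 2.1\nName: {dist}\nVersion: {version}\n"
        meta += "".join(f"Requires-Dist: {r}\n" for r in requires)
        zf.writestr(f"{dist}-{version}.dist-info/METADATA", meta)
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "clean": build_wheel("nicecolors", "1.0", {"nicecolors/__init__.py": "x = 1"}),
        "cover": build_wheel("coverpkg", "0.1", {"coverpkg/__init__.py": ""},
                             requires=["termncolor (>=1.0)", "requests"]),
        "dropper": build_wheel("Colorinal", "0.2",
                               {"colorinal/__init__.py": "",
                                "colorinal/_ext.so": b"\x7fELF"}),
    }
    for label, wheel in samples.items():
        print(label, audit_wheel(wheel))
```

Point `audit_wheel` at the bytes of each file in a download cache or a private mirror before promotion; the name check only catches the reported packages, while the native-binary check is the generic signal that survives a rename.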
What This Means
This attack represents a significant evolution in supply chain threats. By hijacking a legitimate communication platform, the malware blends in with normal traffic. Developers who unknowingly install these packages could expose their systems to remote control, data exfiltration, or lateral movement.
Kaspersky recommends that developers only install packages from verified publishers, review dependencies carefully, and monitor network traffic for unexpected API calls to chat services. PyPI administrators have since removed the malicious packages, but threat actors may continue to upload variants.
“Organizations should treat every open-source dependency as a potential vector,” the researcher warned. “The use of Zulip as C2 is a reminder that attackers will use any tool at their disposal.”
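The recommendation to watch for unexpected API calls to chat services can be turned into a simple egress-log rule. The script below is an added example, not from Kaspersky or the article: it scans constructed JSON proxy-log lines for calls to Zulip's REST endpoints (`/api/v1/register`, `/api/v1/events`, `/api/v1/messages`, `/api/v1/users/me`, or any host under `zulipchat.com`) and raises an alert for every source host that talks to a Zulip organisation not on a sanctioned list. The sanctioned host and the log format are assumptions for the example.

```python
"""Flag Zulip REST API traffic to organisations the environment does not use.
Added example; log lines and the sanctioned host are constructed."""
import json
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed: the one Zulip organisation this environment legitimately uses
SANCTIONED_ZULIP_HOSTS = {"chat.example-corp.internal"}

# Zulip REST endpoints a bot client touches: register an event queue,
# long-poll it for events, post/read messages, look up its own identity.
ZULIP_ENDPOINTS = ("/api/v1/register", "/api/v1/events",
                   "/api/v1/messages", "/api/v1/users/me")


def classify_request(url):
    """Return None if the URL is not Zulip API traffic, otherwise
    'sanctioned' or 'unsanctioned' depending on the destination host."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    looks_like_zulip = host.endswith(".zulipchat.com") or any(
        parts.path == ep or parts.path.startswith(ep + "/") for ep in ZULIP_ENDPOINTS
    )
    if not looks_like_zulip:
        return None
    return "sanctioned" if host in SANCTIONED_ZULIP_HOSTS else "unsanctioned"


def scan(log_lines):
    """Group unsanctioned Zulip calls by source host; returns sorted alerts."""
    hits = defaultdict(lambda: {"count": 0, "hosts": set(), "paths": set()})
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if classify_request(rec["url"]) != "unsanctioned":
            continue
        entry = hits[rec["src"]]
        entry["count"] += 1
        entry["hosts"].add(urlsplit(rec["url"]).hostname)
        entry["paths"].add(urlsplit(rec["url"]).path)
    return [
        {"src": src, "count": v["count"],
         "hosts": sorted(v["hosts"]), "paths": sorted(v["paths"])}
        for src, v in sorted(hits.items())
    ]


# Constructed sample log: one developer workstation polling an unknown
# Zulip organisation (register, then repeated events, then a message),
# one host using the sanctioned organisation, and ordinary traffic.
SAMPLE_LOG = """
{"ts": "2025-07-23T09:00:01Z", "src": "10.20.30.40", "method": "POST", "url": "https://unknown-org.zulipchat.com/api/v1/register"}
{"ts": "2025-07-23T09:00:02Z", "src": "10.20.30.40", "method": "GET",  "url": "https://unknown-org.zulipchat.com/api/v1/events?queue_id=1&last_event_id=-1"}
{"ts": "2025-07-23T09:00:32Z", "src": "10.20.30.40", "method": "GET",  "url": "https://unknown-org.zulipchat.com/api/v1/events?queue_id=1&last_event_id=0"}
{"ts": "2025-07-23T09:00:40Z", "src": "10.20.30.40", "method": "POST", "url": "https://unknown-org.zulipchat.com/api/v1/messages"}
{"ts": "2025-07-23T09:01:00Z", "src": "10.20.30.41", "method": "GET",  "url": "https://chat.example-corp.internal/api/v1/users/me"}
{"ts": "2025-07-23T09:01:05Z", "src": "10.20.30.41", "method": "GET",  "url": "https://pypi.org/simple/requests/"}
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG.splitlines()):
        print(alert)
```

The register-then-poll `/api/v1/events` rhythm is how any Zulip client receives messages, so a workstation showing that pattern toward an organisation nobody onboarded is worth a ticket even before the package audit runs; self-hosted Zulip instances are caught by the endpoint paths rather than the domain suffix.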