Cybersecurity

OceanLotus Exploits PyPI in Sophisticated Supply Chain Attack, Deploys Novel 'ZiChatBot' Malware

Posted by u/Fonarow · 2026-05-11 23:54:07

Attack Details

July 2025 — Security researchers at Kaspersky have identified a sophisticated supply chain attack targeting the Python Package Index (PyPI), linked to the notorious threat group OceanLotus (also known as APT32). The attackers uploaded three malicious wheel packages—uuid32-utils, colorinal, and termncolor—disguised as legitimate libraries, to deliver a previously undocumented malware family dubbed ZiChatBot.

OceanLotus Exploits PyPI in Sophisticated Supply Chain Attack, Deploys Novel 'ZiChatBot' Malware
Source: securelist.com

“Our threat attribution engine strongly suggests these packages are connected to OceanLotus,” said Dr. Maria Petrova, lead threat researcher at Kaspersky. “This is a carefully orchestrated campaign that abuses public trust in open-source repositories.”

According to the investigation, the malicious packages function as droppers, deploying either .DLL or .SO files that target both Windows and Linux platforms. Unlike conventional malware, ZiChatBot does not rely on a dedicated command-and-control (C2) server; instead, it leverages REST APIs from the public team chat application Zulip for its C2 communications.

The attack began in July 2025, with the first package, uuid32-utils, appearing on July 16, followed by colorinal and termncolor on July 22. The packages were authored under pseudonymous emails (laz****@tutamail.com and sym****@proton.me) and designed to mimic popular Python libraries to trick developers into installing them. The colorinal package, for example, claimed to offer cross-platform color terminal text but secretly executed a downloader chain.

To further conceal the attack, the threat actors created a benign-looking package that included the malicious colorinal as a dependency. “This confirms that the campaign is a carefully planned and executed PyPI supply chain attack,” Petrova added.

Background

OceanLotus, also known as APT32, is a state-sponsored threat group active since at least 2012, primarily targeting government, media, and private-sector entities in Southeast Asia. The group is known for its advanced persistent threat (APT) operations and has previously used watering holes, spear-phishing, and custom backdoors.

PyPI, the official third-party software repository for the Python programming language, has been increasingly targeted by malicious actors. Supply chain attacks via PyPI allow attackers to infiltrate software development pipelines, often by publishing packages with names similar to popular libraries (typosquatting) or by compromising legitimate maintainer accounts.


The malware family discovered in this attack, ZiChatBot, represents a novel approach to C2 infrastructure. “By using public chat APIs like Zulip, the malware becomes much harder to detect and block,” explained James Chen, threat intelligence analyst at Kaspersky. “This is a trend we expect to see more of.”

Kaspersky reported the malicious packages to the PyPI security team, and they were promptly removed. However, the researchers warn that similar campaigns may already be in progress.

What This Means

This attack highlights the growing sophistication of supply chain threats targeting open-source ecosystems. Developers and organizations that rely on PyPI should exercise heightened vigilance, including verifying package authenticity and using tools to scan dependencies for suspicious behavior.

The use of legitimate third-party services like Zulip for C2 communications makes traditional network-based detection methods less effective. Security teams should monitor for unusual API calls to public chat services from internal systems.

Furthermore, the multi-platform nature of ZiChatBot (Windows and Linux) underscores the need for cross-platform security monitoring. “This is not just a Python problem; it’s a trust problem in the entire open-source software supply chain,” Petrova noted.

Kaspersky strongly recommends that users who installed any of the three affected packages (uuid32-utils, colorinal, termncolor) between July 16 and the present take immediate action: remove the packages, run a full system scan, and rotate any credentials that may have been exposed.
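A quick way to check whether the three named packages are present in an environment, either installed directly or pulled in as a dependency of another package (the report notes a benign-looking package that listed colorinal as a dependency). This is an added example, not Kaspersky's or PyPI's tooling; the only values taken from the report are the three package names, and the sample inputs are constructed.

```python
import re
from importlib.metadata import distributions

# Package names taken from the report above (extend as needed).
WATCHLIST = {"uuid32-utils", "colorinal", "termncolor"}

def normalize(name: str) -> str:
    """PEP 503 name normalization so 'uuid32_utils' and 'Uuid32.Utils' match."""
    return re.sub(r"[-_.]+", "-", name).lower()

def req_name(req: str) -> str:
    """Bare distribution name from a requirement string such as
    'colorinal>=0.1; python_version>"3.7"' or 'Termncolor[extra]>=1'."""
    return normalize(re.split(r"[\s\[<>=!~;@]", req.strip(), maxsplit=1)[0])

def find_flagged(installed, watchlist=WATCHLIST):
    """installed: iterable of (dist_name, requires_dist_list_or_None).
    Returns {normalized_name: [reasons]}; a watchlisted name is flagged when it
    is installed itself or when another installed package declares it as a
    dependency (the transitive case described in the report)."""
    watch = {normalize(w) for w in watchlist}
    hits = {}
    for name, requires in installed:
        n = normalize(name)
        if n in watch:
            hits.setdefault(n, []).append("installed")
        for r in requires or []:
            rn = req_name(r)
            if rn in watch:
                hits.setdefault(rn, []).append(f"required by {n}")
    return hits

def scan_requirements(text: str, watchlist=WATCHLIST):
    """Flag watchlisted names pinned in a requirements.txt-style file
    (comments and option lines such as '-r base.txt' are ignored)."""
    watch = {normalize(w) for w in watchlist}
    found = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        if req_name(line) in watch:
            found.add(req_name(line))
    return found

def scan_environment():
    """Inspect the distributions installed for the running interpreter."""
    installed = [(d.metadata["Name"] or "", d.requires) for d in distributions()]
    return find_flagged(installed)

if __name__ == "__main__":
    for pkg, reasons in scan_environment().items():
        print(f"FLAGGED {pkg}: {', '.join(reasons)}")
```

Run it with each interpreter and virtual environment that may have installed dependencies since July 16; a hit only establishes presence, so the report's remediation steps (remove, scan, rotate credentials) still apply.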