OceanLotus APT Suspected in Stealthy PyPI Attack Delivering Novel ZiChatBot Malware

Breaking: OceanLotus Tied to PyPI Supply Chain Attack Spreading ZiChatBot

Security researchers have uncovered a sophisticated supply chain attack targeting the Python Package Index (PyPI), with strong indicators linking it to the advanced persistent threat (APT) group OceanLotus. The campaign, active since July 2025, leverages three malicious wheel packages to drop a previously undocumented malware family dubbed ZiChatBot.

[Image: OceanLotus APT Suspected in Stealthy PyPI Attack Delivering Novel ZiChatBot Malware. Source: securelist.com]

According to analysis by Kaspersky's Threat Attribution Engine (KTAE), the attack demonstrates a high degree of planning. The packages—uuid32-utils, colorinal, and termncolor—masquerade as legitimate libraries but function as droppers. “This is a carefully orchestrated supply chain compromise targeting both Windows and Linux environments,” said Alexandra Kuznetsova, head of threat research at Kaspersky.

How the Attack Works

The threat actors uploaded wheel packages designed to mimic popular tools: a UUID generator, cross-platform terminal color support, and ANSI color formatting. Each package includes either a .DLL or .SO file as the hidden payload. Once installed, these files silently deploy ZiChatBot.

Unlike typical malware that communicates with a dedicated command-and-control (C2) server, ZiChatBot abuses the Zulip team chat platform. It uses a series of REST APIs within Zulip as its C2 infrastructure, making detection far more difficult. “This novel communication method evades traditional network monitoring tools,” explained Kuznetsova.

Background: OceanLotus and PyPI Risks

OceanLotus, also tracked as APT32 or SeaLotus, is a Vietnamese state-sponsored group known for targeting foreign governments, media, and private sector entities. Their previous campaigns have involved watering-hole attacks, spear-phishing, and custom malware. PyPI, a public repository for Python packages, has increasingly become a vector for supply chain attacks due to its widespread use in development pipelines.

This incident mirrors earlier attacks where threat actors uploaded fake packages with typo-squatted names. However, the inclusion of both Windows and Linux variants signals a broader operational scope. “The attackers invested significant effort to ensure the packages behave as advertised while secretly delivering malware,” added Kuznetsova.


Technical Details of the Malicious Packages

The three packages were first spotted by Kaspersky's daily threat hunting. The earliest upload occurred on July 16, 2025, for uuid32-utils, attributed to a developer using a Tutanota email (laz****@tutamail.com). The other two—colorinal and termncolor—were uploaded on July 22 by an account using ProtonMail (sym****@proton.me).

Download counts remain unclear, but the packages offered multiple platform-specific wheels: X86 and X64 for Windows, and x86_64 for Linux. A benign-looking dependency chain was also used to hide the malicious package. “This layered obfuscation shows the attackers' familiarity with PyPI's ecosystem,” noted Kuznetsova.

What This Means for Developers and Enterprises

The ZiChatBot campaign underscores the evolving threat to open-source software supply chains. Developers and security teams must exercise extreme caution when installing packages from repositories like PyPI. Organizations should implement strict dependency auditing and runtime monitoring for unexpected API calls to services like Zulip.
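One concrete form of the dependency auditing recommended above is to inspect a wheel before it is installed and flag native binaries (.so, .dll, .pyd) in a package that advertises itself as pure Python, the pattern the three droppers used. The script below is an added illustration written for this article, not code from Kaspersky or from the malicious packages; the package name, file contents and wheel layout are constructed sample data.

```python
from __future__ import annotations
import io
import zipfile
from pathlib import PurePosixPath

# File suffixes that indicate compiled native code bundled inside a wheel.
NATIVE_SUFFIXES = {".so", ".dll", ".pyd", ".dylib"}


def native_files_in_wheel(wheel_bytes: bytes) -> list[str]:
    """Return the paths of native binaries inside a wheel (a wheel is a zip archive)."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        return sorted(n for n in zf.namelist()
                      if PurePosixPath(n).suffix.lower() in NATIVE_SUFFIXES)


def wheel_tags(wheel_bytes: bytes) -> list[str]:
    """Read the 'Tag:' lines from the .dist-info/WHEEL metadata file, if present."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for name in zf.namelist():
            if name.endswith(".dist-info/WHEEL"):
                text = zf.read(name).decode("utf-8", errors="replace")
                return [line.split(":", 1)[1].strip()
                        for line in text.splitlines() if line.startswith("Tag:")]
    return []


def audit_wheel(package: str, wheel_bytes: bytes, expect_native: bool = False) -> dict:
    """Flag a wheel whose native payload is not justified by its purpose or its own tags."""
    natives = native_files_in_wheel(wheel_bytes)
    reasons = []
    if natives and not expect_native:
        reasons.append("native code in a package expected to be pure Python")
    if natives and any(tag.endswith("-none-any") for tag in wheel_tags(wheel_bytes)):
        reasons.append("pure-Python tag (none-any) contradicts bundled native code")
    return {"package": package, "native_files": natives,
            "suspicious": bool(reasons), "reasons": reasons}


def build_sample_wheel(files: dict[str, bytes]) -> bytes:
    """Construct a minimal wheel archive in memory (sample data, not a real package)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()


# Constructed sample: a 'terminal colour' helper that unexpectedly ships a shared object.
SAMPLE_WHEEL = build_sample_wheel({
    "examplecolor/__init__.py": b"def paint(s): return s\n",
    "examplecolor/_native.so": b"\x7fELF" + b"\x00" * 16,
    "examplecolor-1.0.dist-info/WHEEL": b"Wheel-Version: 1.0\nTag: py3-none-any\n",
})

if __name__ == "__main__":
    print(audit_wheel("examplecolor", SAMPLE_WHEEL))
```

A wheel with a platform-specific tag can legitimately contain native code, so the useful signal is the mismatch between what the package claims to be and what it ships.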

Additionally, this attack highlights the value of threat intelligence and community collaboration. Kaspersky shared its findings with the PyPI security team, leading to the removal of the malicious packages. “Proactive threat hunting and quick disclosure are our best defenses against such stealthy attacks,” concluded Kuznetsova. Affected users should scan systems for indicators of compromise and report any suspicious activity to their security vendors.

Further updates will follow as Kaspersky continues its investigation into OceanLotus's broader activities and potential links to other campaigns.
