OceanLotus Group Infiltrates PyPI in Sophisticated Supply Chain Attack, Delivering Novel ZiChatBot Malware

Breaking News: OceanLotus Strikes Python Package Index

Security researchers have uncovered a targeted supply chain attack on the Python Package Index (PyPI) linked to the notorious OceanLotus threat group. The attack, active since July 2025, uses malicious wheel packages to stealthily deliver a previously unknown malware family named ZiChatBot.

OceanLotus Group Infiltrates PyPI in Sophisticated Supply Chain Attack, Delivering Novel ZiChatBot Malware — Source: securelist.com

Key finding: The malware leverages public REST APIs from the team chat app Zulip as its command-and-control (C2) infrastructure, avoiding traditional C2 servers. This novel technique makes detection and takedown more challenging.

Attack Details

Malicious Packages Identified

Three fake libraries were uploaded to PyPI: uuid32-utils, colorinal, and termncolor. Their names mimic popular utilities to trick developers into downloading them via pip.

According to PyPI metadata, the packages were first uploaded on July 16 and July 22, 2025. The authors used encrypted email services — Tutanota and ProtonMail — to hide their identities.

Analysis by Kaspersky’s Threat Attribution Engine (KTAE) linked the packages to OceanLotus, an advanced persistent threat group. “The attacker created a benign-looking package that included the malicious one as a dependency, confirming a carefully planned campaign,” said a Kaspersky researcher.

Infection Mechanism

The wheel packages act as droppers. Once installed, they deliver either a .DLL (Windows) or .SO (Linux) shared library payload. This enables the malware to target both platforms.

These libraries execute a two-stage infection: first downloading a secondary payload, then deploying ZiChatBot. The malware communicates over Zulip’s REST APIs, blending in with legitimate traffic.

Background

OceanLotus (also known as APT32 or SeaLotus) is a state-sponsored group primarily targeting Southeast Asian countries. It has previously used watering holes and spear-phishing to deploy custom malware.

PyPI, the official third-party software repository for Python, has become a frequent vector for supply chain attacks. Recent incidents include malicious packages that exfiltrate environment variables or install cryptominers.

What This Means

This attack underscores the need for developers to verify the integrity of open-source dependencies before installing. The use of Zulip as C2 highlights how attackers weaponize legitimate services to evade detection.

Security teams should monitor for suspicious Zulip API calls and restrict outbound traffic to known benign services. Enterprises using Python packages should audit their dependencies for these specific libraries.

“Supply chain attacks are on the rise, and this one shows a high degree of sophistication,” commented a CISA spokesperson. “We recommend organizations implement software bill of materials (SBOM) practices.”