OceanLotus APT Group Suspected in PyPI Supply Chain Attack Delivering Novel ZiChatBot Malware
PyPI Supply Chain Attack Linked to OceanLotus APT Group
Security researchers have uncovered a sophisticated supply chain attack on the Python Package Index (PyPI) that is delivering a previously unknown malware family called ZiChatBot. The attack is suspected to be the work of the OceanLotus threat group (also known as APT32).
Beginning in July 2025, malicious wheel packages were uploaded to PyPI, mimicking legitimate libraries to trick developers. The packages were removed after the security community was alerted, but not before potential infections occurred.
Key Findings
- Malicious Packages: Three fake libraries were identified:
uuid32-utils,colorinal, andtermncolor. They claimed to offer utility functions but secretly dropped .DLL or .SO payloads targeting both Windows and Linux. - ZiChatBot Malware: The final payload, named ZiChatBot, uses the public team chat app Zulip as its command-and-control (C2) infrastructure via REST APIs, avoiding traditional C2 servers.
- Attribution: Samples were submitted to Kaspersky Threat Attribution Engine (KTAE) and linked to OceanLotus based on prior threat intelligence.
“The attacker employed a novel technique to evade detection by using a benign-looking package as a dependency to conceal the malicious one,” said a Kaspersky researcher. “This is a carefully planned supply chain attack.”
Technical Details
The infection chain begins when a developer installs one of the fake libraries via pip install. The packages execute as droppers, delivering the ZiChatBot payload. The colorinal library serves as a representative example.
The packages provided platform-specific wheels (X86, X64 for Windows; x86_64 for Linux). The attacker used email accounts from TutaMail and ProtonMail to register the packages.
Package Metadata
| Package | Pip Command | First Upload | Author Email |
|---|---|---|---|
| uuid32-utils | pip install uuid32-utils | 2025-07-16 | laz****@tutamail.com |
| colorinal | pip install colorinal | 2025-07-22 | sym****@proton.me |
| termncolor | pip install termncolor | 2025-07-22 | sym****@proton.me |
Background
OceanLotus (APT32) is a Vietnam-linked advanced persistent threat group known for cyber espionage operations targeting governments, media, and private sector organizations. PyPI supply chain attacks have become a favored vector for distributing malware due to the trust developers place in open-source repositories.
In recent years, similar attacks have targeted npm, RubyGems, and PyPI. The use of Zulip as C2 infrastructure is unusual, allowing malware to blend in with legitimate chat traffic.
What This Means
Developers using PyPI should verify package authenticity before installation, especially those mimicking popular libraries. Organizations should monitor for unusual network traffic to Zulip API endpoints as an indicator of compromise.
The discovery underscores the need for enhanced security measures in open-source ecosystems. “This attack shows that threat actors are evolving their techniques to evade traditional defenses,” added the Kaspersky researcher.
Users who installed any of the three packages between July and August 2025 should scan their systems and rotate credentials immediately.