APT Group OceanLotus Suspected in PyPI Supply Chain Attack Delivering Novel ZiChatBot Malware

Overview of the Attack

In July 2025, cybersecurity researchers uncovered a sophisticated supply chain attack targeting the Python Package Index (PyPI). A series of malicious wheel packages were uploaded, masquerading as legitimate libraries. Upon analysis, these packages were linked to the notorious Advanced Persistent Threat (APT) group known as OceanLotus (also tracked as APT32 or SeaLotus). The ultimate goal was to deploy a previously unseen malware family named ZiChatBot, which leverages the Zulip team chat platform for command-and-control (C2) communication.

[Image: APT Group OceanLotus Suspected in PyPI Supply Chain Attack Delivering Novel ZiChatBot Malware. Source: securelist.com]

Technical Breakdown

Spreading Through PyPI

The attackers created three PyPI projects, each containing wheel packages designed to mimic popular libraries. This tactic is a classic example of a supply chain attack, tricking unsuspecting users into downloading malicious code. The fake libraries were uuid32-utils, colorinal and termncolor; the table below summarizes the key metadata for these packages:

Pip Install Command | File Name | First Upload Date | Author / Email
pip install uuid32-utils | uuid32_utils-1.x.x-py3-none-[platform].whl | 2025-07-16 | laz**** / laz****@tutamail.com
pip install colorinal | colorinal-0.1.7-py3-none-[platform].whl | 2025-07-22 | sym**** / sym****@proton.me
pip install termncolor | termncolor-3.1.0-py3-none-any.whl | 2025-07-22 | sym**** / sym****@proton.me

The packages offered builds for Windows (x86, x64) and Linux (x86_64), highlighting the attackers' intent to target multiple operating systems.

Malicious Packages Behavior

While the wheel packages implemented the advertised features (e.g., UUID generation or color formatting), their true purpose was to covertly deliver malicious files. These files came in two forms: .DLL for Windows and .SO (shared library) for Linux. The packages acted as droppers, extracting and executing the final payload—ZiChatBot.

Infection Chain

Analysis of the colorinal library revealed a typical infection chain. Once installed, the library would download and execute the malicious shared library. The attacker also created a benign-looking package that included the malicious package as a dependency, further concealing the attack. This multi-step approach confirms that the campaign was carefully planned and executed.

The ZiChatBot Payload

ZiChatBot is a novel malware family that does not rely on a traditional command-and-control (C2) server. Instead, it communicates via a series of REST APIs provided by the public team chat application Zulip. This technique allows the malware to blend in with legitimate traffic, making detection more difficult. The payload can execute commands, exfiltrate data, and persist on the infected system. Its cross-platform nature (Windows and Linux) further broadens its potential impact.

Conclusion

This campaign underscores the growing threat of supply chain attacks on software repositories like PyPI. By impersonating popular libraries, the OceanLotus group successfully delivered a sophisticated backdoor that uses a legitimate chat service for C2. Developers and organizations are urged to verify package authors, check upload dates, and employ security tools to detect anomalous dependencies. The prompt removal of these packages by PyPI administrators highlights the importance of community vigilance.
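As an added defender-side example (not code from the Securelist report or this article), the following Python script applies the checks recommended above to a package's PyPI metadata and wheel contents: project age, author e-mail provider, and native .so/.dll files bundled in a wheel. The metadata dictionary and the wheel are constructed samples modelled on the termncolor row of the table; a real audit would fetch the metadata from the PyPI JSON API and the wheel from the release files.

```python
import io
import zipfile
from datetime import datetime, timedelta, timezone

NATIVE_EXTENSIONS = (".so", ".dll", ".pyd", ".dylib")

def wheel_platform_tag(filename: str) -> str:
    """Last dash-separated field of a wheel filename is its platform tag (PEP 427)."""
    return filename[:-len(".whl")].split("-")[-1]

def native_members(wheel_bytes: bytes) -> list:
    """Archive members of a wheel that are native binaries (.so/.dll/...)."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as whl:
        return [n for n in whl.namelist() if n.lower().endswith(NATIVE_EXTENSIONS)]

def audit_package(pypi_json: dict, wheels: dict, now: datetime, max_age_days: int = 30) -> list:
    """Findings for one project; pypi_json has the PyPI JSON API shape, wheels maps filename -> bytes."""
    findings = []
    uploads = [datetime.fromisoformat(f["upload_time_iso_8601"].replace("Z", "+00:00"))
               for files in pypi_json["releases"].values() for f in files]
    first_upload = min(uploads)  # project age, not just the age of the latest release
    if now - first_upload < timedelta(days=max_age_days):
        findings.append(f"first upload {first_upload.date()} is less than {max_age_days} days old")
    domain = (pypi_json["info"].get("author_email") or "").rsplit("@", 1)[-1].lower()
    if domain in ("proton.me", "tutamail.com"):  # providers seen in the table above
        findings.append(f"author e-mail uses an anonymous/free provider: {domain}")
    for filename, data in wheels.items():
        natives = native_members(data)
        if natives:  # a 'py3-none-any' wheel has no business shipping compiled code
            tag = wheel_platform_tag(filename)
            findings.append(f"{filename}: '{tag}' wheel bundles native code {natives}")
    return findings

def build_sample_wheel(native_name: str) -> bytes:
    """Constructed sample: a minimal wheel carrying a fake .so beside pure-Python code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as whl:
        whl.writestr("termncolor/__init__.py", "def colorize(s):\n    return s\n")
        whl.writestr(native_name, b"\x7fELF placeholder, not a real binary")
        whl.writestr("termncolor-3.1.0.dist-info/WHEEL", "Wheel-Version: 1.0\nRoot-Is-Purelib: true\n")
    return buf.getvalue()

SAMPLE_JSON = {  # constructed; mirrors the table above and the layout of https://pypi.org/pypi/<name>/json
    "info": {"name": "termncolor", "author_email": "sym****@proton.me"},
    "releases": {"3.1.0": [{"filename": "termncolor-3.1.0-py3-none-any.whl",
                            "upload_time_iso_8601": "2025-07-22T09:00:00.000000Z"}]}}

def run_sample() -> list:
    wheels = {"termncolor-3.1.0-py3-none-any.whl": build_sample_wheel("termncolor/_native.so")}
    return audit_package(SAMPLE_JSON, wheels, now=datetime(2025, 7, 25, tzinfo=timezone.utc))
```

Running `run_sample()` on the constructed input yields three findings: a project only days old, an author address on a free mail provider, and a platform-independent wheel that nonetheless bundles a shared object.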
