OceanLotus APT32 Suspected in Novel PyPI Supply Chain Attack Spreading ZiChatBot Malware

By

Breaking: New Malware Delivered via Python Package Index

Security researchers at Kaspersky have identified a sophisticated supply chain attack targeting the Python Package Index (PyPI), linked to the state-sponsored threat group OceanLotus (APT32). Since July 2025, malicious wheel packages have been uploaded to PyPI, covertly delivering a previously unknown malware family dubbed ZiChatBot.

“These packages implement advertised features but are designed to drop malicious DLL or SO files, targeting both Windows and Linux platforms,” a Kaspersky expert told reporters. The packages were removed from PyPI after the security community was alerted.

Timeline and Infection Chain

The attackers created three fake libraries – uuid32-utils, colorinal, and termncolor – mimicking popular tools. Uuid32-utils was first uploaded July 16, followed by colorinal and termncolor on July 22. All packages bundled ZiChatBot as a hidden dependency.

One benign-looking package was used as a dependency to conceal the malicious one. Kaspersky’s Threat Attribution Engine linked the campaign to OceanLotus, known for targeting Vietnamese dissidents, media, and foreign entities.

ZiChatBot: Unique Command and Control

Unlike typical malware, ZiChatBot does not use a dedicated C2 server. Instead, it abuses the Zulip team chat app’s REST APIs for communication, making detection harder. The malware acts as a dropper, executing the final payload on infected systems.

“This is a carefully planned and executed supply chain attack,” the researcher added. “The use of a legitimate chat platform for C2 is a notable evolution.”

Background

OceanLotus (APT32) is a Vietnamese cyberespionage group active since at least 2013. It has previously targeted governments, media outlets, and human rights organizations. The group is known for using custom malware and supply chain compromises.

Past campaigns have leveraged software repositories like GitHub and npm. The PyPI attack marks a continued focus on the Python ecosystem, which is widely used in data science and automation.

What This Means

This attack underscores the growing threat of supply chain attacks on open-source repositories. Developers are urged to verify package hashes, check provenance, and use tools like dependency scanners.

The use of a chat app as C2 infrastructure signals a shift toward stealthier communications. Organizations should monitor for unusual Zulip API traffic and implement strict access controls on development environments.

Kaspersky has shared indicators of compromise (IoCs) with the security community. Further analysis is ongoing.

Note: This is a developing story. Updates will be provided as more information becomes available.

Related Articles

• How to Prevent Insider Threats and Manage Media Disclosures: Lessons from the NSA's Snowden Affair
• 7 Things You Need to Know About the Stealthy Credential Theft in Open Source Package element-data
• 10 Key Takeaways from the Sentencing of Two Cybersecurity Pros in BlackCat Ransomware Attacks
• 10 Critical Facts About Microsoft’s Latest Phishing Alert Targeting US Businesses
• Scattered Spider Ringleader Pleads Guilty in Major Crypto Heist
• Securing Cargo: A Practical Guide to the tar Crate Vulnerability (CVE-2026-33056)
• Strengthening MSP Resilience: A Step-by-Step Guide to Modernizing Security and Backup Strategies
• LofyGang Returns: Brazilian Hackers Target Minecraft Players with New 'LofyStealer' Malware