OceanLotus APT32 Suspected in Novel PyPI Supply Chain Attack Spreading ZiChatBot Malware

Breaking: New Malware Delivered via Python Package Index

Security researchers at Kaspersky have identified a sophisticated supply chain attack targeting the Python Package Index (PyPI), linked to the state-sponsored threat group OceanLotus (APT32). Since July 2025, malicious wheel packages have been uploaded to PyPI, covertly delivering a previously unknown malware family dubbed ZiChatBot.

“These packages implement advertised features but are designed to drop malicious DLL or SO files, targeting both Windows and Linux platforms,” a Kaspersky expert told reporters. The packages were removed from PyPI after the security community was alerted.

Timeline and Infection Chain

The attackers created three fake libraries – uuid32-utils, colorinal, and termncolor – mimicking popular tools. Uuid32-utils was first uploaded July 16, followed by colorinal and termncolor on July 22. All packages bundled ZiChatBot as a hidden dependency.

One benign-looking package was used as a dependency to conceal the malicious one. Kaspersky’s Threat Attribution Engine linked the campaign to OceanLotus, known for targeting Vietnamese dissidents, media, and foreign entities.

ZiChatBot: Unique Command and Control

Unlike typical malware, ZiChatBot does not use a dedicated C2 server. Instead, it abuses the Zulip team chat app’s REST APIs for communication, making detection harder. The malware acts as a dropper, executing the final payload on infected systems.

“This is a carefully planned and executed supply chain attack,” the researcher added. “The use of a legitimate chat platform for C2 is a notable evolution.”

Background

OceanLotus (APT32) is a Vietnamese cyberespionage group active since at least 2013. It has previously targeted governments, media outlets, and human rights organizations. The group is known for using custom malware and supply chain compromises.

Past campaigns have leveraged software repositories like GitHub and npm. The PyPI attack marks a continued focus on the Python ecosystem, which is widely used in data science and automation.

What This Means

This attack underscores the growing threat of supply chain attacks on open-source repositories. Developers are urged to verify package hashes, check provenance, and use tools like dependency scanners.

The use of a chat app as C2 infrastructure signals a shift toward stealthier communications. Organizations should monitor for unusual Zulip API traffic and implement strict access controls on development environments.

Kaspersky has shared indicators of compromise (IoCs) with the security community. Further analysis is ongoing.

Note: This is a developing story. Updates will be provided as more information becomes available.