Intel Node

OceanLotus suspected of using PyPI to deliver ZiChatBot malware

low | malware | 2026-05-06T13:00:34+00:00
Tags: malware, windows, linux, email

Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT.

Introduction

Through our daily threat hunting, we noticed that, beginning in July 2025, a series of malicious wheel packages were uploaded to PyPI (the Python Package Index). We shared this information with the public security community, and the malware was removed from the repository. We submitted the samples to Kaspersky Threat Attribution Engine (KTAE) for analysis. Based on the results, we believe the packages may be linked to malware discussed in a Threat Intelligence report on OceanLotus. While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files.

These files can be either .DLL or .SO (Linux shared library), indicating the packages’ ability to target both Windows and Linux platforms. They function as droppers, delivering the final payload – a previously unknown malware family that we have named ZiChatBot. Unlike traditional malware, ZiChatBot does not communicate with a dedicated command and control (C2) server, but instead uses a series of REST APIs from the public team chat app Zulip as its C2 infrastructure. To conceal the malicious package containing ZiChatBot, the attacker created another benign-looking package that included the malicious package as a dependency.

Based on these facts, we confirm that this campaign is a carefully planned and executed PyPI supply chain attack.

Technical details

Spreading

The attacker created three projects on PyPI and uploaded malicious wheel packages designed to imitate popular libraries, tricking users into downloading them. This is a clear example of a supply chain attack via PyPI. See below for detailed information about the fake libraries and their corresponding wheel packages.

Malicious wheel packages

The packages added by the attacker and listed on PyPI’s download pages are:

- uuid32-utils: library for generating a 32-character random string as a UUID
- colorinal: library for implementing cross-platform color terminal text
- termncolor: library for ANSI color format for terminal output

The key metadata for these packages are as follows:

Pip install command       File name                                       First upload date   Author / Email
pip install uuid32-utils  uuid32_utils-1.x.x-py3-none-[OS platform].whl   2025-07-16          laz**** / laz****@tutamail.com
pip install colorinal     colorinal-0.1.7-py3-none-[OS platform].whl      2025-07-22          sym**** / sym****@proton.me
pip install termncolor    termncolor-3.1.0-py3-none-any.whl               2025-07-22          sym**** / sym****@proton.me

Based on the distribution information on the PyPI web page, we can see that it offers X86 and X64 versions for Windows, as well as an x86_64 version for Linux. The colorinal project, for example, provides the following download options:

[Figure: Distribution information of the colorinal project]

Initial infection

The uuid32-utils and colorinal libraries employ similar infection chains and malicious payloads. As a result, this analysis will focus on the colorinal library as a representative example.
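The checks a defender would run on a downloaded wheel before installing it, as an added example that is not Kaspersky's code or anything from the packages described above: it lists native .dll/.so files inside the archive, reads the declared dependencies from METADATA (the place where a decoy package pulls in the package that carries the payload), and flags a shared library bundled in a wheel whose abi tag is "none", since such a wheel declares no compiled Python extension. The package names and the in-memory sample wheel are constructed for this example.

```python
import io
import re
import zipfile
from email.parser import Parser

# Native code inside a wheel: a .dll/.so in an abi-"none" wheel is a plain bundled binary
NATIVE_RE = re.compile(r"\.(dll|pyd|dylib)$|\.so(\.\d+)*$", re.IGNORECASE)

def parse_wheel_tags(filename):
    """Split a PEP 427 wheel filename into its name, version and compatibility tags."""
    if not filename.endswith(".whl"):
        raise ValueError(f"not a wheel: {filename}")
    parts = filename[:-4].split("-")
    if len(parts) not in (5, 6):  # an optional build tag gives 6 parts
        raise ValueError(f"unexpected wheel filename: {filename}")
    return {"dist": parts[0], "ver": parts[1], "py": parts[-3],
            "abi": parts[-2], "plat": parts[-1]}

def inspect_wheel(filename, data):
    """Return bundled native files, declared dependencies and review flags for a wheel."""
    tags = parse_wheel_tags(filename)
    report = {"native_files": [], "requires": [], "flags": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if NATIVE_RE.search(name):
                report["native_files"].append(name)
            if name.endswith(".dist-info/METADATA"):
                meta = Parser().parsestr(zf.read(name).decode("utf-8", "replace"))
                # the dependency list is where a decoy package pulls in the real payload
                report["requires"] = meta.get_all("Requires-Dist") or []
    if report["native_files"] and tags["abi"] == "none":
        report["flags"].append("native binary in abi-none wheel")
    if report["native_files"] and tags["plat"] == "any":
        report["flags"].append("native binary in platform-any wheel")
    return report

def build_sample_wheel(dist, ver, extra_files, requires=()):
    """Construct a minimal wheel in memory (constructed sample input for this example only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(f"{dist}/__init__.py", "def colorize(s):\n    return s\n")
        meta = f"Metadata-Version: 2.1\nName: {dist}\nVersion: {ver}\n"
        meta += "".join(f"Requires-Dist: {r}\n" for r in requires)
        zf.writestr(f"{dist}-{ver}.dist-info/METADATA", meta)
        for path, content in extra_files.items():
            zf.writestr(path, content)
    return buf.getvalue()
```

Run `inspect_wheel(name, open(name, "rb").read())` on a wheel fetched with `pip download --no-deps` and review anything under "flags" and every "requires" entry before installing.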
