OceanLotus Distributing ZiChatBot Malware via PyPI Packages
🚨 Through our daily threat hunting, we noticed that, beginning in July 2025, a series of malicious wheel packages were uploaded to PyPI (the Python Package Index). We submitted the samples to Kaspersky Threat Attribution Engine (KTAE) for analysis. Based on the results, we believe the packages may be linked to malware discussed in a Threat Intelligence report on OceanLotus.
These wheel packages function as droppers, delivering the final payload - a previously unknown malware family that we have named ZiChatBot. Unlike traditional malware, ZiChatBot does not communicate with a dedicated command and control (C2) server, but instead uses a series of REST APIs from the public team chat app Zulip as its C2 infrastructure. We confirm that this campaign is a carefully planned and executed PyPI supply chain attack.
Attack Overview
The attacker created three projects on PyPI and uploaded malicious wheel packages designed to imitate popular libraries, tricking users into downloading them. This is a clear example of a supply chain attack via PyPI. The packages added by the attacker and listed on PyPI’s download pages are: uuid32-utils, colorinal, and termncolor. A quick look at the code of the third library, termncolor, reveals no apparent malicious content. However, it imports the malicious colorinal library as a dependency. This method allows attackers to deeply conceal malware, making the termncolor library appear harmless when distributing it or luring targets.
Once a Python user downloads and installs the colorinal-0.1.7-py3-none-win_amd64.whl wheel package file, or installs it using the pip tool, the ZiChatBot’s dropper (a file named terminate.dll) will be extracted from the wheel package and placed on the victim’s hard drive. For the Linux platform, the dropper file is named terminate.so.
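As an added defensive check (example code written for this article, not Kaspersky's or PyPI's tooling), the script below inspects a wheel for the traits described in the two paragraphs above: a native binary such as terminate.dll or terminate.so packed inside the wheel, a dependency on one of the three reported package names, and the reported names themselves. The wheels it scans are constructed in memory as sample data; the "abi none but platform-specific" tag check is a heuristic, since some legitimate wheels ship shared libraries that way.

```python
import io
import re
import zipfile

# Package names the report lists as malicious on PyPI.
REPORTED_PACKAGES = {"uuid32-utils", "colorinal", "termncolor"}
NATIVE_SUFFIXES = (".dll", ".so", ".pyd", ".dylib")
# name-version-pytag-abitag-platformtag.whl (build tag omitted for brevity)
WHEEL_RE = re.compile(r"^(?P<name>[^-]+)-(?P<ver>[^-]+)-(?P<py>[^-]+)-(?P<abi>[^-]+)-(?P<plat>[^-]+)\.whl$")

def _normalize(name):
    return name.replace("_", "-").lower()

def inspect_wheel(filename, data):
    """Inspect one wheel (filename + raw bytes) and return a findings dict."""
    m = WHEEL_RE.match(filename)
    if not m:
        raise ValueError("not a wheel filename: %s" % filename)
    name = _normalize(m.group("name"))
    natives, deps = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for member in zf.namelist():
            if member.lower().endswith(NATIVE_SUFFIXES):
                natives.append(member)  # e.g. colorinal/terminate.dll
            elif member.endswith(".dist-info/METADATA"):
                for line in zf.read(member).decode("utf-8", "replace").splitlines():
                    if line.startswith("Requires-Dist:"):
                        dep = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line.split(":", 1)[1].strip())
                        if dep:
                            deps.append(_normalize(dep.group(0)))
    # Heuristic only: abi 'none' yet platform-specific, and carrying native code.
    odd_tags = m.group("abi") == "none" and m.group("plat") != "any" and bool(natives)
    findings = {
        "package": name,
        "reported_package": name in REPORTED_PACKAGES,
        "reported_dependencies": sorted(d for d in deps if d in REPORTED_PACKAGES),
        "native_files": natives,
        "odd_platform_tags": odd_tags,
    }
    findings["suspicious"] = (findings["reported_package"]
                              or bool(findings["reported_dependencies"]) or odd_tags)
    return findings

def build_sample_wheel(name, version, files, requires=()):
    """Build a minimal wheel in memory; constructed sample data, not a real package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        meta = ["Metadata-Version: 2.1", "Name: " + name, "Version: " + version]
        meta += ["Requires-Dist: " + r for r in requires]
        zf.writestr("%s-%s.dist-info/METADATA" % (name, version), "\n".join(meta) + "\n")
        for path, content in files.items():
            zf.writestr(path, content)
    return buf.getvalue()
```

In practice, run inspect_wheel over the files in a pip download cache or an internal mirror before they reach developer machines.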
Functionality of the Dropper
The main logic of the dropper is implemented in the envir export function and achieves three objectives: deploy ZiChatBot, establish an auto-run mechanism, and execute shellcode that removes the dropper file and the malicious script file from the installed library folder. ZiChatBot uses the REST APIs of Zulip, a public team chat application, as its command and control server. It is capable of executing shellcode received from the server, and this is the only control command it supports.
ZiChatBot initiates a series of sequential HTTP requests to the Zulip REST API, including an API authentication token as an HTTP header for server-side authentication. The “helper” organization that the attacker had registered on the Zulip service has now been officially deactivated by Zulip. We recommend adding the full URL helper.zulipchat.com to your denylist.
Conclusion
Based on the results from our KTAE system, the dropper used by ZiChatBot shows a 64% similarity to another dropper we analyzed in a TI report, which was linked to OceanLotus. Reverse engineering shows that both droppers use nearly identical algorithms and logic to decrypt and decompress their embedded payloads. As an active APT organization, OceanLotus primarily targets victims in the Asia-Pacific region. However, the attacks described in this report - executed through PyPI - target Python users worldwide. This demonstrates OceanLotus’s ongoing effort to broaden its attack scope.