OceanLotus suspected of distributing ZiChatBot malware via wheel packages in PyPI
Between July 2025 and May 2026, threat actors suspected to be OceanLotus distributed malicious Python wheel packages on PyPI that targeted Windows and Linux systems. These fake packages mimicked legitimate libraries and deployed droppers that installed ZiChatBot malware. ZiChatBot uses Zulip's REST APIs for command and control instead of traditional C2 servers, supports shellcode execution, and establishes persistence via registry keys on Windows or crontab on Linux. The malicious packages were quickly removed from PyPI after discovery. Attribution is based on behavioral similarity with known OceanLotus droppers. No official patch or remediation guidance is provided, and no known exploits in the wild have been reported.
AI Analysis
Technical Summary
OceanLotus threat actors conducted a supply chain attack by uploading three malicious wheel packages (uuid32-utils, colorinal, termncolor) to PyPI, targeting both Windows and Linux platforms. These packages deployed droppers that installed ZiChatBot, a novel malware family leveraging Zulip REST APIs for command and control. The malware enables execution of shellcode commands and persistence through Windows registry keys or Linux crontab entries. Attribution to OceanLotus is supported by a 64% similarity score with known droppers analyzed by the KTAE system. The malicious packages were removed from PyPI following discovery. No patch or vendor advisory is available, and the threat is assessed as medium severity.
Potential Impact
The supply chain attack allowed OceanLotus to distribute malware via trusted Python package repositories, potentially compromising systems that installed the malicious packages. ZiChatBot malware can execute arbitrary shellcode and maintain persistence, posing risks of unauthorized system control. The use of Zulip REST APIs for command and control represents a novel evasion technique. However, the malicious packages were removed from PyPI promptly, and no known exploits in the wild have been reported to date.
Mitigation Recommendations
The malicious packages have been removed from PyPI. Users should verify the integrity and authenticity of Python packages before installation, preferably using trusted sources and package signing where available. There is no official patch or remediation guidance from vendors. Monitoring for unusual registry or crontab modifications and network traffic to Zulip APIs may help detect infections. Patch status is not yet confirmed — check PyPI and vendor advisories for updates.
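As an added example (not code from the advisory, AlienVault, or the Securelist report), the following Python script turns the recommendations above into a local triage check: it hashes Python package archives found under a directory and compares each file's MD5, SHA-1 and SHA-256 against the hashes listed under Indicators of Compromise, flags archives whose distribution name matches one of the three package names the analysis names (uuid32-utils, colorinal, termncolor), and lists any distribution installed in the running interpreter with one of those names. The helper names, the archive-suffix filter and the choice of digest algorithms (inferred from the digest lengths in the IoC list) are assumptions.

```python
#!/usr/bin/env python3
"""Added triage example (not part of the advisory): hash local Python package
archives and compare them against the advisory's IoC hashes, and flag the three
package names the advisory lists as malicious."""
import hashlib
import re
from importlib import metadata
from pathlib import Path

# Package names the advisory identifies as malicious (PEP 503 normalized form).
MALICIOUS_PACKAGE_NAMES = {"uuid32-utils", "colorinal", "termncolor"}

# IoC hashes copied from the advisory; MD5, SHA-1 and SHA-256 are mixed, so the
# file's digest of each length is checked against the whole set.
IOC_HASHES = {
    "ba2f1868f2af9e191ebf47a5fab5cbab", "1995682d600e329b7833003a01609252",
    "5152410aeef667ffaf42d40746af4d84", "38b75af6cbdb60127decd59140d10640",
    "02f4701559fc40067e69bb426776a54f", "0a5a06fa2e74a57fd5ed8e85f04a483a",
    "22538214a3c917ff3b13a9e2035ca521", "454b85dc32dc8023cd2be04e4501f16a",
    "48be833b0b0ca1ad3cf99c66dc89c3f4", "5598baa59c716590d8841c6312d8349e",
    "652f4da6c467838957de19eed40d39da", "968782b4feb4236858e3253f77ecf4b0",
    "a26019b68ef060e593b8651262cbd0f6", "b55b6e364be44f27e3fecdce5ad69eca",
    "c33782c94c29dd268a42cbe03542bca5", "e200f2f6a2120286f9056743bc94a49d",
    "e4a0ad38fd18a0e11199d1c52751908b", "fce65c540d8186d9506e2f84c38a57c4",
    "1c0a5b35c003ac3182c589c6e014a42678a0647f", "8a4a444761ca8836e6022af4a0e86a2be031aaa6",
    "ccc71ba929add58ad89dff289295659b69ad43a5", "05391e972db01ed9d55b202b9ae3feec700eabf5",
    "06adabcb962b5cf5d9fb63542518a5b80b5a9ad4", "67b2e7eb4255f6b990f1bd9917ea54228af2c6a1",
    "6a8d20cf325b766e69f6133b3a7325034b76948c", "93708b635f11f182d5541274d0ac7b7d5baf3795",
    "c7a2684ec7dc6484655e8dfe5b184341c416a3e0",
    "08a75a092e9793b6d3eb473c246d3c5e4750cd525342276d8bf1ab7d1fe45112",
    "d05d6b08078b3d153ab821cd4dd6b5f5bd390c007c6d01653f459c35b917b80c",
    "437a824e63975a350108e20881020ad288fb6343d4f61fff7d64811270219dea",
    "2b5225816089467aacdcd201a44989a2f78491c29f6fad41b52731bfefc1b886",
    "50d2fb75ef2bb56915e28595574663d8a1e0193e335e3e4f0ad2c0a4770fd787",
    "68dfa75e916f4fb44a071851965493a324d331e37b791e21c45feba54aec23d8",
    "be19d98b5449a052c03b189d9687543d619c8c1893f12709ef6bef6ff7657510",
    "c7e93e50f1f241e63e738925e4f8c7f8ee004506723c2b49ed0789100f4ce4ba",
    "f85f44ebdd341f22f0cbd408ee40f162d697fc48c3824c897b61980fa38a4d92",
}

# Assumed set of package archive types worth hashing.
ARCHIVE_SUFFIXES = (".whl", ".tar.gz", ".zip")


def normalize_name(name: str) -> str:
    """PEP 503 normalization: runs of '-', '_' and '.' become '-', lowercased."""
    return re.sub(r"[-_.]+", "-", name).lower()


def is_named_malicious(name: str) -> bool:
    """True when the normalized name is one of the advisory's package names."""
    return normalize_name(name) in MALICIOUS_PACKAGE_NAMES


def distribution_name_from_filename(filename: str) -> str:
    """Wheel and sdist filenames begin with the distribution name followed by '-'."""
    return filename.split("-", 1)[0]


def file_digests(path: Path) -> dict:
    """MD5, SHA-1 and SHA-256 of a file, computed in one streaming pass."""
    hashes = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def scan_directory(root: Path, ioc_hashes=IOC_HASHES) -> list:
    """Return (path, reasons) for each archive matching an IoC hash or a listed name."""
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or not path.name.endswith(ARCHIVE_SUFFIXES):
            continue
        reasons = []
        if is_named_malicious(distribution_name_from_filename(path.name)):
            reasons.append("name matches advisory package list")
        for algo, digest in file_digests(path).items():
            if digest in ioc_hashes:
                reasons.append(f"{algo} matches advisory IoC {digest}")
        if reasons:
            findings.append((path, reasons))
    return findings


def flagged_installed_distributions() -> list:
    """Installed distributions in this interpreter whose name the advisory lists."""
    return sorted(
        {d.metadata["Name"] for d in metadata.distributions()
         if d.metadata["Name"] and is_named_malicious(d.metadata["Name"])}
    )


if __name__ == "__main__":
    import sys
    target = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, reasons in scan_directory(target):
        print(f"{path}: {'; '.join(reasons)}")
    for name in flagged_installed_distributions():
        print(f"installed distribution matches advisory name: {name}")
```

Point it at a pip cache, a vendored wheelhouse or a build artifact directory (`python triage.py ~/.cache/pip`). A name match is only a lead, since the advisory notes the packages mimicked legitimate libraries and typosquatted names can recur; a hash match against the IoC list is the stronger signal, and neither replaces checking the registry or crontab and Zulip-bound traffic mentioned above.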
Indicators of Compromise
- hash: ba2f1868f2af9e191ebf47a5fab5cbab
- hash: 1995682d600e329b7833003a01609252
- hash: 5152410aeef667ffaf42d40746af4d84
- hash: 38b75af6cbdb60127decd59140d10640
- hash: 1c0a5b35c003ac3182c589c6e014a42678a0647f
- hash: 8a4a444761ca8836e6022af4a0e86a2be031aaa6
- hash: 08a75a092e9793b6d3eb473c246d3c5e4750cd525342276d8bf1ab7d1fe45112
- hash: d05d6b08078b3d153ab821cd4dd6b5f5bd390c007c6d01653f459c35b917b80c
- hash: ccc71ba929add58ad89dff289295659b69ad43a5
- hash: 437a824e63975a350108e20881020ad288fb6343d4f61fff7d64811270219dea
- hash: 02f4701559fc40067e69bb426776a54f
- hash: 0a5a06fa2e74a57fd5ed8e85f04a483a
- hash: 22538214a3c917ff3b13a9e2035ca521
- hash: 454b85dc32dc8023cd2be04e4501f16a
- hash: 48be833b0b0ca1ad3cf99c66dc89c3f4
- hash: 5598baa59c716590d8841c6312d8349e
- hash: 652f4da6c467838957de19eed40d39da
- hash: 968782b4feb4236858e3253f77ecf4b0
- hash: a26019b68ef060e593b8651262cbd0f6
- hash: b55b6e364be44f27e3fecdce5ad69eca
- hash: c33782c94c29dd268a42cbe03542bca5
- hash: e200f2f6a2120286f9056743bc94a49d
- hash: e4a0ad38fd18a0e11199d1c52751908b
- hash: fce65c540d8186d9506e2f84c38a57c4
- hash: 05391e972db01ed9d55b202b9ae3feec700eabf5
- hash: 06adabcb962b5cf5d9fb63542518a5b80b5a9ad4
- hash: 67b2e7eb4255f6b990f1bd9917ea54228af2c6a1
- hash: 6a8d20cf325b766e69f6133b3a7325034b76948c
- hash: 93708b635f11f182d5541274d0ac7b7d5baf3795
- hash: c7a2684ec7dc6484655e8dfe5b184341c416a3e0
- hash: 2b5225816089467aacdcd201a44989a2f78491c29f6fad41b52731bfefc1b886
- hash: 50d2fb75ef2bb56915e28595574663d8a1e0193e335e3e4f0ad2c0a4770fd787
- hash: 68dfa75e916f4fb44a071851965493a324d331e37b791e21c45feba54aec23d8
- hash: be19d98b5449a052c03b189d9687543d619c8c1893f12709ef6bef6ff7657510
- hash: c7e93e50f1f241e63e738925e4f8c7f8ee004506723c2b49ed0789100f4ce4ba
- hash: f85f44ebdd341f22f0cbd408ee40f162d697fc48c3824c897b61980fa38a4d92
- domain: helper.zulipchat.com
Technical Details
- Author: AlienVault
- TLP: white
- References: https://securelist.com/oceanlotus-suspected-pypi-zichatbot-campaign/119603/
- Adversary: APT32
- Pulse Id: 69fb57e61f46ab512bd87fc1
- Threat Score: null
Threat ID: 69fc528acbff5d8610c7337c
Added to database: 5/7/2026, 8:51:22 AM
Last enriched: 5/7/2026, 9:06:23 AM
Last updated: 5/7/2026, 2:06:30 PM