OceanLotus suspected of using PyPI to deliver ZiChatBot malware
#OceanLotus #ZiChatBot
https://securelist.com/oceanlotus-suspected-pypi-zichatbot-campaign/119603/

Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT.

Kaspersky

📰 Malicious PyPI Packages Use Zulip Chat App for C2 to Deploy 'ZiChatBot' Malware

🚨 Malicious PyPI packages found delivering 'ZiChatBot' malware. The campaign, linked to the OceanLotus APT, uses the Zulip chat app's APIs for stealthy C2 communication. #SupplyChainAttack #PyPI #Malware #OceanLotus

🔗 https://cyber.netsecops.io

OceanLotus Exploits PyPI to Deliver ZiChatBot Malware

Kaspersky's analysis uncovered a sneaky malware attack on PyPI, where OceanLotus hackers uploaded fake packages that looked like harmless libraries, tricking users into installing the ZiChatBot malware. The malicious packages, uploaded in July 2025, masqueraded as legitimate tools like uuid32-utils, colorinal, and termncolor.

https://osintsights.com/oceanlotus-exploits-pypi-to-deliver-zichatbot-malware?utm_source=mastodon&utm_medium=social

#Oceanlotus #Pypi #ZichatbotMalware #MalwareOperations #EmergingThreats

Learn how OceanLotus exploits PyPI to deliver ZiChatBot malware via malicious packages, and protect your projects from similar threats today with expert insights.

OSINTSights
Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders | Huntress

Huntress identified an intrusion against a non-profit supporting Vietnamese human rights that’s likely spanned years. Jump in as we provide a thorough analysis of this malicious threat actor.

via: @campuscodi

QiAnXin published a report on the recent attacks of #OceanLotus (#APT32) that targeted Chinese organizations throughout 2021.

The group allegedly used 3 zero-day #vulns:

+1 in an unnamed antivirus product
+2 in an unnamed workstation management system. More here (in Chinese): https://mp.weixin.qq.com/s/pd6fUs5TLdBtwUHauclDOQ | #infosec #espionage #malware

Amnesty International has found evidence in phishing emails that the Ocean Lotus group spied on a Vietnamese blogger living in Germany.
Ocean Lotus: Cyberattacks on activists from Vietnam in Germany

Mac users warned of more Ocean Lotus malware targeted attacks

Security researchers have warned of the latest incarnation of a backdoor trojan horse that has been used in the past to target Mac users. If you're a Mac user, I really hope you're running anti-virus…

Mac users warned of more Ocean Lotus malware targeted attacks - Security researchers have warned of the latest incarnation of a backdoor trojan horse that has bee... https://grahamcluley.com/mac-users-warned-of-more-ocean-lotus-malware-targeted-attacks/ #oceanlotus #malware #macos

Vietnamese APT group has taken up cryptocurrency mining alongside its cyber-espionage operations #Vietnam, #mining, #APT, #OceanLotus, #Microsoft https://www.securitylab.ru/news/514469.php https://twitter.com/SecurityLabnews/status/1333711194872553472/photo/1

It appears the cyber spies are looking for ways to profit financially from systems compromised during cyber-espionage operations.