OceanLotus suspected of using PyPI to deliver ZiChatBot malware

DEV Community·Mark0·26 days ago

Security researchers have identified a sophisticated supply chain attack on the Python Package Index (PyPI) involving malicious wheel packages linked to the OceanLotus (APT32) group. The campaign, which began in July 2025, used packages such as uuid32-utils and colorinal to deliver a previously undocumented malware family named ZiChatBot. The attack utilized multi-stage droppers to target both Windows and Linux platforms, often concealing malicious intent by nesting infected packages as dependencies within seemingly benign libraries. ZiChatBot is particularly notable for its command and control (C2) strategy, which eschews traditional infrastructure in favor of the public team chat application Zulip. By leveraging Zulip's REST APIs for communication, the malware can receive and execute shellcode while blending into legitimate network traffic.…
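The dependency-nesting technique the summary describes is what makes this campaign hard to spot by looking only at the package you asked for. The following is an added example, not code from the article or from any named researcher: it reads the `METADATA` file inside a wheel (a wheel is a zip archive), extracts the `Requires-Dist` entries and flags any dependency whose normalized name appears on a watchlist. The watchlist here is constructed from the two package names the article reports (uuid32-utils, colorinal) and stands in for a real advisory feed; the sample wheel is built in memory and contains no code.

```python
import io
import re
import zipfile
from email.parser import Parser

# Constructed watchlist: the two names reported in the article. In practice this would be
# loaded from an advisory feed rather than hard-coded.
WATCHLIST = {"uuid32-utils", "colorinal"}


def normalize(name):
    """PEP 503 name normalization: lowercase, runs of '-', '_' and '.' become a single '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def read_metadata(wheel_bytes):
    """Return the parsed METADATA message from a wheel archive (bytes)."""
    with zipfile.ZipFile(io.BytesIO(wheel_bytes)) as zf:
        for member in zf.namelist():
            if member.endswith(".dist-info/METADATA"):
                # METADATA is RFC 822 style headers, so the email parser handles it.
                return Parser().parsestr(zf.read(member).decode("utf-8"))
    raise ValueError("no .dist-info/METADATA member found in wheel")


def requires_dist(meta):
    """Extract normalized project names from Requires-Dist headers (PEP 508 strings).

    Only the leading project name is taken; version specifiers, extras and
    environment markers that follow it are ignored for the purpose of matching.
    """
    names = []
    for req in meta.get_all("Requires-Dist", []):
        m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", req)
        if m:
            names.append(normalize(m.group(1)))
    return names


def audit_wheel(wheel_bytes):
    """Summarize a wheel's declared dependencies and list those on the watchlist."""
    meta = read_metadata(wheel_bytes)
    deps = requires_dist(meta)
    watch = {normalize(w) for w in WATCHLIST}
    return {
        "name": meta["Name"],
        "version": meta["Version"],
        "dependencies": deps,
        "flagged": sorted(d for d in deps if d in watch),
    }


def build_sample_wheel(name, version, requires):
    """Construct a minimal wheel in memory for testing (sample data, no executable code)."""
    buf = io.BytesIO()
    dist_info = f"{normalize(name).replace('-', '_')}-{version}.dist-info"
    with zipfile.ZipFile(buf, "w") as zf:
        lines = ["Metadata-Version: 2.1", f"Name: {name}", f"Version: {version}"]
        lines += [f"Requires-Dist: {r}" for r in requires]
        zf.writestr(f"{dist_info}/METADATA", "\n".join(lines) + "\n")
        zf.writestr(f"{normalize(name).replace('-', '_')}/__init__.py", "")
    return buf.getvalue()


if __name__ == "__main__":
    # A benign-looking package that quietly pulls in both reported names as dependencies.
    sample = build_sample_wheel(
        "helper-lib",
        "1.0.0",
        ["requests>=2.0", "uuid32_utils (>=0.1)", "colorinal; sys_platform == 'win32'"],
    )
    print(audit_wheel(sample))
```

Run the same `audit_wheel` over every `.whl` in a download cache or a `pip download` output directory to catch a watchlisted name anywhere in the dependency tree, not just at the top level; name normalization matters because `uuid32_utils` and `uuid32-utils` are the same project on PyPI.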
