Three malicious PyPI packages (uuid32-utils, colorinal, termncolor) attributed to the OceanLotus APT group were discovered delivering ZiChatBot malware as part of a supply chain attack. Upon installation, the packages drop and execute a backdoor (terminate.dll on Windows / terminate.so on Linux) that establishes persistence via registry entries or crontab, then communicates with Zulip REST APIs as C2 infrastructure to enable remote control of compromised hosts. The termncolor package served as a concealment layer by importing the malicious colorinal library as a dependency. All versions of these packages are malicious and no safe version exists. It is strongly recommended to immediately remove uuid32-utils, colorinal, and termncolor from all environments and conduct a full incident response investigation.