OceanLotus is suspected of orchestrating a PyPI supply chain attack using malicious wheel packages to deliver a novel cross-platform malware named ZiChatBot. The malware acts as a dropper for Windows and Linux systems, establishing persistence and utilizing the Zulip team chat application's REST APIs for command and control.