Which versions of minizip are malicious?

The following PyPI versions of minizip are flagged malicious: 0.1.3, 0.1.4. Treat any of these as compromised.

How do I remediate minizip if I installed it?

minizip is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed minizip — how do I know if it already compromised me?

If minizip was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is minizip part of a known attack campaign?

Yes — minizip is associated with the 2025-11-uzip, RLMA-2025-06576 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find minizip across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for minizip (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging minizip across your stack and pipelines.

Malicious package

minizipPyPI

Malicious code in minizip (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2025-191792

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall minizip

What this malware does

During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-11-uzip

Reasons (based on the campaign):

Downloads and executes a remote executable.
obfuscation
malware

Malicious versions

2 flagged

0.1.30.1.4

Indicators of compromise (SHA-256)

cfd2fcb97183bbde18d68cc42c266141f3788c0175d6dcfa06101d201aae5e28

33ba100525dffc7a828e4b7384f862ff22dfb55d2e7d61a34c0d31ecdff64c10

44860ffa17e849dae47a338fd7325c98ea6d22cca0666e51906bbfdf9adbc079

2aff53a785798381b0fe5ad83be05474c1e7021cb66bb0f5aca0ff3b89b23cef

59d1ba652e4e251ac3eddf46d948bd9c5f96ff3e35dcb2e1e6e084cbbf7deb97

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for minizip (2 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging minizip across your stack and pipelines.
If you installed it — respond
minizip is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If minizip was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks minizip before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. minizip on PyPI has been identified as a malicious package (versions 0.1.3, 0.1.4 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

2025-11-uzipRLMA-2025-06576

References

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks minizip-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring