Which versions of mzip are malicious?

The following PyPI versions of mzip are flagged malicious: 0.1.0. Treat any of these as compromised.

How do I remediate mzip if I installed it?

mzip is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed mzip — how do I know if it already compromised me?

If mzip was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is mzip part of a known attack campaign?

Yes — mzip is associated with the 2025-11-uzip campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find mzip across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for mzip (version 0.1.0). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging mzip across your stack and pipelines.

Malicious package

mzipPyPI

Malicious code in mzip (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2025-191799

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall mzip

What this malware does

During initialization of the archive-support class, the package starts code from another file and downloads multi-stage malware

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2025-11-uzip

Reasons (based on the campaign):

Downloads and executes a remote executable.
obfuscation
malware

Malicious versions

1 flagged

0.1.0

Indicators of compromise (SHA-256)

e9aa8ab11a919cfd5b486468a3e13671431079afa0231e7af9132d258c6bc8d2

cfa6ef3ee944ed5eef4429c7c9ec9488d9c2c70be6435ee1019851527272a9e4

e3da86fc0b8ce87e4ac0b0014de36d0e1f2eac638e48e0db12058c3df75c3bad

715d7018467c50444c3a59d065ad5c427c46b18c29597cad196e84ceae7c8e87

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for mzip (version 0.1.0). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging mzip across your stack and pipelines.
If you installed it — respond
mzip is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If mzip was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks mzip before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. mzip on PyPI has been identified as a malicious package (version 0.1.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

2025-11-uzip

References

Credits

Kamil Mańkowski (kam193)

Detect & block this

O3 blocks mzip-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring