Which versions of zebo are malicious?

The following PyPI versions of zebo are flagged malicious: 0.1.0. Treat any of these as compromised.

How do I remediate zebo if I installed it?

zebo is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed zebo — how do I know if it already compromised me?

If zebo was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is zebo part of a known attack campaign?

Yes — zebo is associated with the RLMA-2024-11213, RLUA-2025-00551, 2024-11-zebo, RLUA-2026-00946 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find zebo across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for zebo (version 0.1.0). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging zebo across your stack and pipelines.

Malicious package

zeboPyPI

Malicious code in zebo (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2024-11751

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall zebo

What this malware does

Package automatically installs a script with keylogger and screenshots extraction, and sets it for an autostart.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-11-zebo

Reasons (based on the campaign):

infostealer
peristence-autorun
keylogger

Malicious versions

1 flagged

0.1.0

Indicators of compromise (SHA-256)

be0083df419b67e22360f157bd710102fe0e7b48a0e55eddc6540eb5abeb0f46

6375f974d9ad51bcea6bc3b135bf1d19c1ec7b3b90401d923b170c6abd618c3c

f67e2c21bf3fb283a2165c4112d96b86ac4125f3f7355d3c8ddc41544a796cc2

27f62f0f9a2a11b03c5bbead202d9f5d58ca471041e3115eb67dd88accc22be4

7643fc344d525d9313da25a4a0351b1655cb2dd6ad1ba2770289fb9937300d71

71def0d6b87b908f6a426999bee7e6d2169351df530ab794b0e56de116a49ff9

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for zebo (version 0.1.0). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging zebo across your stack and pipelines.
If you installed it — respond
zebo is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If zebo was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks zebo before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. zebo on PyPI has been identified as a malicious package (version 0.1.0 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2024-11213RLUA-2025-005512024-11-zeboRLUA-2026-00946

References

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks zebo-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring