What does the pdf2doc malware do?

During installation, the code attempts to exfiltrate basic data (username, host name) and send to the attacker. The package looks to be a clone of an existing one Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2024-09-pdf2doc Reasons (based on the campaign): - The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk. - typosquatting - obfuscation - dependency-confusion - The package overrides the install command in setup.py to execute malicious code during installation. - clones-real-package

Which versions of pdf2doc are malicious?

The following PyPI versions of pdf2doc are flagged malicious: 0.3.9. Treat any of these as compromised.

How do I remediate pdf2doc if I installed it?

pdf2doc is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed pdf2doc — how do I know if it already compromised me?

If pdf2doc was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is pdf2doc part of a known attack campaign?

Yes — pdf2doc is associated with the RLMA-2024-11113, 2024-09-pdf2doc, RLUA-2026-00585 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find pdf2doc across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pdf2doc (version 0.3.9). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pdf2doc across your stack and pipelines.

Malicious package

pdf2docPyPI

Malicious code in pdf2doc (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2024-11657

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall pdf2doc

What this malware does

During installation, the code attempts to exfiltrate basic data (username, host name) and send to the attacker. The package looks to be a clone of an existing one

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-09-pdf2doc

Reasons (based on the campaign):

The package contains code to exfiltrate basic data from the system, like IP or username. It has a limited risk.
typosquatting
obfuscation
dependency-confusion
The package overrides the install command in setup.py to execute malicious code during installation.
clones-real-package

Malicious versions

1 flagged

0.3.9

Indicators of compromise (SHA-256)

751b13e0f4628b4af5f5e84a940e967e28655aa6de7ad858e8b73a8a9f0de0b5

0ff273048f4e4de37731d163191de44bf9c9d5063b6c1326408fd760254ca429

ae55659200290f97e3d07c41d49af574eb14ad3dc5913535e8d100cf2c48dd58

30087900c557360b0bdcc4f090bd7a7a55dd9c716d1b79d21845c5f377a56c78

6a68ba79922b515822126e889940bafba5b4f6a546ca21de1a829f031e56e48a

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pdf2doc (version 0.3.9). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pdf2doc across your stack and pipelines.
If you installed it — respond
pdf2doc is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If pdf2doc was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks pdf2doc before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. pdf2doc on PyPI has been identified as a malicious package (version 0.3.9 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2024-111132024-09-pdf2docRLUA-2026-00585

References

bad-packages.kam193.eu

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks pdf2doc-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring