Posts Tagged Phpmaker 2019 Offline Installer Do... Direct

We’ve wiped the web server. We’re rotating 1,200 user credentials. The original PHPMaker 2019 offline installer is safe. What CodeHopper had was a repackaged version—same file size, same digital certificate (stolen), different hash.

CodeHopper’s ‘old roommate’? His LinkedIn says he now works for a medical data brokerage. Posts tagged PHPMaker 2019 Offline Installer Do...

DevDave… have you deployed that generated code yet? (No timestamp. The thread is locked.) User: System Reply: Re: PHPMaker 2019 Offline Installer THREAD LOCKED. Reason: Potentially compromised credentials. We’ve wiped the web server

(Archived Forum Thread) User: DevDave_84 Date: March 12, 2023 Subject: PHPMaker 2019 Offline Installer - Does anyone still have the .exe? I know this is a long shot. The official site only hosts v2023 and v2024 now. The legacy portal requires a support subscription that expired in 2021. I have a client with a legacy ASP.NET WebForms project tied specifically to PHPMaker 2019’s old MySQL connector. If I try to regenerate with v2023, the entire database layer breaks. What CodeHopper had was a repackaged version—same file

“The installer was not an installer. It was a wrapper. After generation, the ‘mysql_connector.dll’ injected a scheduled task that beaconed out every 48 hours. The beacon payload was small—just exfiltrating database table schemas and the first 100 rows of any table named ‘patient’, ‘user’, or ‘audit_log’.