Contrib.social

Compromised domain

Open on Drupal.org →
Created on 5 March 2025, about 2 months ago

Problem/Motivation

I personally do not use Drupal, but I am a Security Analyst that had a user within my company encounter this compromised module. I will try my best to explain what is happening.

When using this module, a domain called aabbgoldtoken.com is connected to over port 80.
The const DEFAULT_URL='https://portal.mydropwizard.com/api/v1 has been compromised to redirect to the domain mentioned above.

Steps to reproduce

Proposed resolution

Remove this module as it is not longer supported.

🐛 Bug report
Status

Active

Version

1.9

Component

Code

Created by

meltingpineapple

Live updates comments and jobs are added and updated live.
  • Security

    It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.

Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024