
Users of the text and code editor Notepad++ could have unknowingly downloaded a malicious update for the app after its shared web hosting servers were hijacked last year. On Monday, the app’s developer, Don Ho, posted an update on the attack with more details, including that the hackers were “likely a Chinese state-sponsored group” and that the app’s servers were vulnerable for roughly six months, from June through December 2nd, 2025.
The post explains that the hijacking took place on the end of the app’s unnamed, now-former web hosting provider, stating that “Traffic from certain targeted users was selectively redirected to attacker-controlled served malicious update manifests.” When victims were redirected, their app update was replaced with a malicious executable that, according to independent cybersecurity expert Kevin Beaumont, could have given the hackers remote access to a victim’s keyboard.
Don Ho’s post also adds that the attack involved “highly selective targeting” when it came to the victims it redirected away from the legitimate Notepad++ website. Kevin Beaumont noted that the victims he spoke with “are [organizations] with interests in East Asia.” So, while this is a serious security vulnerability, it’s possible that the hackers were watching specific people rather than just anyone.
The developer did not specify when they became aware of the attack, but said that “all attacker access was definitively terminated” by December 2nd. The Notepad++ updater has itself been updated with stronger security measures to check for tampering and verify that updates are legitimate.
Notepad++ users should make sure they’re on at least version 8.8.9, which addressed the vulnerabilities from the hijacking attack, and they should probably download that version directly from the Notepad++ website. Additionally, Kevin Beaumont advised users to double-check that they’re not using an unofficial version of Notepad++, keep a close eye on activity from “gup.exe,” the app’s updater, and check for a suspicious “update.exe” or “AutoUpdater.exe” file in their TEMP folder.
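The checks described above can be scripted for a Windows host. The following PowerShell is an added example, not code from Notepad++ or from Kevin Beaumont; the file names and version 8.8.9 come from the article, while the TEMP and install paths are assumed Windows defaults.

```powershell
# Added triage example. File names and the fixed version are from the article;
# every path below is an assumed Windows default and may differ on your hosts.
$suspectNames = 'update.exe', 'AutoUpdater.exe'
$minVersion   = [version]'8.8.9'

# Collect the current user's TEMP plus each profile's default TEMP
# (reading other profiles requires an elevated session).
$tempDirs = @($env:TEMP) + @(
    Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' }
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Sort-Object -Unique

# Record hash, timestamps and signature state for any file with a listed name.
$hits = foreach ($dir in $tempDirs) {
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $suspectNames -contains $_.Name } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTimeUtc
                Modified  = $_.LastWriteTimeUtc
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                SigStatus = $sig.Status
                Signer    = $sig.SignerCertificate.Subject
            }
        }
}

# Compare installed builds against the fixed version.
# Assumption: the executable's file version resource mirrors the release number.
$installDirs = "$env:ProgramFiles\Notepad++", "${env:ProgramFiles(x86)}\Notepad++"
$installs = foreach ($dir in $installDirs) {
    $exePath = Join-Path $dir 'notepad++.exe'
    if (Test-Path -LiteralPath $exePath) {
        $exe = Get-Item -LiteralPath $exePath
        $ver = $exe.VersionInfo.FileVersionRaw
        [pscustomobject]@{
            Path       = $exe.FullName
            Version    = $ver
            BelowFixed = ($ver -lt $minVersion)
            SigStatus  = (Get-AuthenticodeSignature -LiteralPath $exe.FullName).Status
        }
    }
}

if ($hits) { $hits | Format-List } else { 'No listed file names found in TEMP.' }
if ($installs) { $installs | Format-Table -AutoSize } else { 'No default-path install found.' }
```

A matching file name is only a lead, since other software can legitimately use these names; the hash, signer and timestamps are what to take into further investigation.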
Notably, Don Ho, the developer of Notepad++, criticized the Chinese government in a 2019 app update. He called that version the “Free Uyghur” edition, and told The Verge at the time that his website had faced DDoS attacks in response.
