Popular text editor Notepad++ was hacked to drop malware


Chinese state-sponsored group redirected some users' traffic.

Notepad++, a free open source text and code editor for the Windows operating system, suffered an "infrastructure-level compromise" last year by threat actors seeking to deliver malware to selected users.


A post-mortem of the incident, which started in June 2025 and was reported to Notepad++ by security researchers, suggested the shared hosting server for the text editor was compromised until December 2 last year.

This was in conjunction with a vulnerability in older versions of Notepad++ discovered in 2025.

The compromise officially came to light last year, when the Notepad++ developer Don Ho announced the release of version 8.8.9 which contained a fix for a traffic hijacking vulnerability.

"... Traffic from WinGUp (the Notepad++ updater) was occasionally redirected to malicious servers, resulting in the download of compromised executables," Ho wrote.

A weakness in the way WinGUp validated the integrity and authenticity of the update file allowed an attacker to intercept network traffic between the downloaded code and the Notepad++ infrastructure.

In turn, an attacker could abuse this to make the updater download and run a malicious binary file instead of the expected, legitimate Notepad++ one.

Unnamed Chinese state-sponsored threat actors selectively targeting specific Notepad++ users are thought by security researchers to be behind the attack.

Notepad++ has now moved to a new hosting provider with "significantly stronger security practices" so as to prevent a repeat of the compromise.

Better certificate and signature verification has been added to the WinGUp updater to ensure the integrity of the downloaded Notepad++ installer.

Notepad++ version 8.9.1 contains the security fixes, and Ho suggested updating the text editor manually as well.
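For a manual update, the same kind of certificate and signature check can be done by hand before the installer is run. The PowerShell below is an added example, not code from Notepad++, WinGUp or this article; the function name `Test-InstallerSignature`, the installer path and the pinned signer thumbprint are assumptions and placeholders to be filled in from a source you trust.

```powershell
# Added example: accept a downloaded installer only if its Authenticode
# signature is valid AND it was signed by a certificate pinned out of band.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: thumbprint obtained from a trusted channel, not from
        # the same server the installer was downloaded from.
        [Parameter(Mandatory)] [string] $ExpectedThumbprint
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Anything other than Valid is rejected: unsigned files (NotSigned),
    # files altered after signing (HashMismatch), untrusted chains (NotTrusted).
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        Write-Warning "Rejected: signature status $($sig.Status) - $($sig.StatusMessage)"
        return $false
    }

    # A valid signature from any trusted publisher is not enough:
    # a redirected download could still be validly signed by someone else.
    $expected = ($ExpectedThumbprint -replace '\s', '').ToUpperInvariant()
    $actual   = $sig.SignerCertificate.Thumbprint.ToUpperInvariant()
    if ($actual -ne $expected) {
        Write-Warning "Rejected: unexpected signer $actual ($($sig.SignerCertificate.Subject))"
        return $false
    }

    # Record the file hash so the accepted binary can be identified later.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    Write-Verbose "Accepted: $Path SHA256=$hash signer=$actual"
    return $true
}

# Placeholders (constructed for this example): replace both before use.
$installer = 'C:\Downloads\npp.Installer.x64.exe'
$pinned    = '<PINNED-SIGNER-THUMBPRINT>'

if (Test-Path -LiteralPath $installer) {
    if (Test-InstallerSignature -Path $installer -ExpectedThumbprint $pinned -Verbose) {
        Start-Process -FilePath $installer -Wait
    } else {
        Write-Error 'Installer failed verification and was not run.'
    }
}
```

Signing certificates are rotated over time, so a pinned thumbprint has to be refreshed from the trusted source when the publisher changes its certificate.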

Copyright © iTnews.com.au . All rights reserved.