zlacker

[return to "Notepad++ hijacked by state-sponsored actors"]
1. thisis+11[view] [source] 2026-02-02 02:10:11
>>myster+(OP)
Wow. I'd love to know more how the targeted systems were actually compromised.
◧◩
2. mapont+h5[view] [source] 2026-02-02 02:54:05
>>thisis+11
There is more detail linked below:

https://www.heise.de/en/news/Notepad-updater-installed-malwa...

https://doublepulsar.com/small-numbers-of-notepad-users-repo...

The TLDR is that until version 8.8.7 of Notepad++, the developer used a self-signed certificate, which was available in the Github source code. The author enabled this by not following best practices.

The "good news" is that the attacks were very targeted and seemed to involve hands on keyboard attacks against folks in Asia.

Blaming the hosting company is kind of shady, as the author should own at least some level of the blame for this.

◧◩◪
3. idiots+G7[view] [source] 2026-02-02 03:16:16
>>mapont+h5
If the attackers did limit themselves to a small number of Asian machines they gave up an absolute goldmine. I would venture to say a lot of technical people use notepad++ at work in jobs that would be very lucrative for an attacker to exploit. I know I definitely had an 'oh shit' moment when I read this and thought about where I have notepad++ installed.
◧◩◪◨
4. PixyMi+h9[view] [source] 2026-02-02 03:34:55
>>idiots+G7
If the exploit had been widespread, though, it would have been quickly discovered.
[go to top]