The previous release already fixed this, or evaded the issue.
The channel was the update mechanism. Upon Notepad++ checking for updates, they were able to inject their own. So if you updated via the app's own update checker they could have misdirected you into installing something else or something modified.
elvith@feddit.org 13 hours ago
From my understanding: Basically the attackers could reply to your version check request (usually done automatically) and tell N++ that there was a new version available. If you then approved the update dialogue, N++ would download and execute the binary from the update link that the server sent you. But this didn’t necessarily need to be a real update, it could have been any binary, since neither the answer to the update check nor the download link was verified by N++.
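
The comment above names two things that were not verified: the answer to the update check and the download it points to. The sketch below is an added example, not part of the thread and not Notepad++'s code, showing an updater that refuses to run a binary unless both verify. The manifest format, host name and key are assumptions, and HMAC stands in for the asymmetric signature a real updater would use.

```python
import hashlib
import hmac
import json
from urllib.parse import urlsplit

# Assumptions (hypothetical): manifest format, host and key. HMAC stands in for
# an asymmetric signature (public key shipped in the app) to stay stdlib-only.
TRUSTED_HOST = "updates.example.org"
MANIFEST_KEY = b"constructed-demo-key"


def sign_manifest(manifest_bytes: bytes) -> str:
    """Vendor side: authenticate the exact bytes of the version-check reply."""
    return hmac.new(MANIFEST_KEY, manifest_bytes, hashlib.sha256).hexdigest()


def verify_update(manifest_bytes: bytes, tag: str, binary: bytes) -> bool:
    """Client side: True only if the reply, link and binary all check out."""
    # 1. The answer to the update check must be authentic before it is parsed.
    if not hmac.compare_digest(sign_manifest(manifest_bytes), tag):
        return False
    manifest = json.loads(manifest_bytes)
    # 2. The download link must be HTTPS on the expected host.
    url = urlsplit(manifest["url"])
    if url.scheme != "https" or url.hostname != TRUSTED_HOST:
        return False
    # 3. The downloaded binary must match the hash in the authenticated reply.
    digest = hashlib.sha256(binary).hexdigest()
    return hmac.compare_digest(digest, manifest["sha256"])


def demo() -> dict:
    """Run the checks on constructed sample data and return each outcome."""
    real_binary = b"constructed installer bytes v2"
    sha = hashlib.sha256(real_binary).hexdigest()
    url = "https://updates.example.org/app-2.0.exe"
    manifest = json.dumps({"version": "2.0", "url": url, "sha256": sha}).encode()
    tag = sign_manifest(manifest)
    # A reply altered in transit: the link changed, so the tag no longer fits.
    forged = manifest.replace(b"updates.example.org", b"mirror.example.net")
    return {
        "genuine": verify_update(manifest, tag, real_binary),
        "forged_reply": verify_update(forged, tag, real_binary),
        "swapped_binary": verify_update(manifest, tag, b"something else"),
    }


if __name__ == "__main__":
    print(demo())
```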
HeyJoe@lemmy.world 12 hours ago
That's what I was thinking, but there is no mention of whether this did happen and, if it did, what was compromised or allowed to happen.