Comment on Notepad++ Hijacked by State-Sponsored Hackers
pez@piefed.blahaj.zone 4 days agoLooks like 8.8.1 was May 2025 https://notepad-plus-plus.org/news/v881-we-are-with-ukraine/
8.8.2 was June 2025 and has a warning to ignore “false positives” of malware in the update…. Ouch. https://notepad-plus-plus.org/news/8.8.2-available-in-1-week-without-certificate/
AceBonobo@lemmy.world 4 days ago
You might have version 8.8.1 or lower, however it might have tried to order update got the vulnerable package instead and then remained on the older version. I think even if you have the older version that’s not a sign that you weren’t compromised.
pez@piefed.blahaj.zone 4 days ago
Fair point. I was assuming the malicious payload would come along with an update on order to hide, but it’s also possible that the malicious payload was delivered without any update to notepad++.
I’ve not seen any IOCs published have you?
floofloof@lemmy.ca 3 days ago
There’s some IOC information here:
securelist.com/…/118708/
pez@piefed.blahaj.zone 3 days ago
Thanks!
AceBonobo@lemmy.world 3 days ago
I’m not sure what you mean. The article states there were remote hands on keyboard noticed in multiple companies. That’s how the vulnerability was discovered.
pez@piefed.blahaj.zone 3 days ago
I mean IOCs that you can scan for in an environment to see if a machine has been compromised using this vulnerability. Something that tells you if you need to do additional remediation on a machine or just update notepad++ and move on.