China, Russia, the US, fucking Israel. They all piss me off so fucking much. Can’t we live in a sane world just for a single fucking day?
Notepad++ Hijacked by State-Sponsored Hackers
Submitted 2 weeks ago by Beep@lemmus.org to technology@lemmy.world
https://notepad-plus-plus.org/news/hijacked-incident-info-update/
Comments
SaharaMaleikuhm@feddit.org 2 weeks ago
Kkk2237pl@lemmy.world 2 weeks ago
At least China wants to make money, others not only money
lechekaflan@lemmy.world 2 weeks ago
Make money? Occupied Tibet would like to have a word.
HeyJoe@lemmy.world 2 weeks ago
Yikes… i guess i am confused though. What data was being sent through this channel? What did they get from people while it happened and why did it take 2 months past them stopping it to finally make a release? I love the app, but this sounds really bad.
elvith@feddit.org 2 weeks ago
From my understanding: Basically the attackers could reply to your version check request (usually done automatically) and tell N++ that there were a new version available. If you then approved the update dialogue, N++ would download and execute the binary from the update link that the server sent you. But this didn’t necessarily need to be a real update, it could have been any binary since neither the answer to the update check nor the download link were verified by N++
HeyJoe@lemmy.world 2 weeks ago
Thats what i was thinking, but there is no mention on if this did happen and if it did what did was compromised or allowed to happen.
Kissaki@feddit.org 2 weeks ago
The previous release already fixed this, or evaded the issue.
The channel was the update mechanism. Upon Notepad++ checking for updates, they were able to inject their own. So if you updated via the apps own update checker they could have misdirected you into installing something else or something modified.
cley_faye@lemmy.world 2 weeks ago
The software itself, and the devs, have little to nothing to do with this besides detecting the issue. Which was not obvious, since (it seems) the attack was targeted at specific IPs/hosts/places. It likely worked transparently without alteration for most users, probably including the devs themselves.
It also would only affects updates through the built-in updater; if you disabled that, and/or installed through some package managers, you would not have been affected.
A disturbing situation indeed. I assume some update regarding having adequately digitally signed updates were done (at least, I hope… I don’t really use N++ anymore). But the reality is, some central infrastructure are vulnerable to people with a lot of resources, and actually plugging those holes requires a bit of involvement from the users, depending how far one would go. Even if everything’s signed, you have to either know the signatory’s public key beforehand or get a certificate that you trust. And that trust is derived from an authority you trust (either automatically through common CA lists, or because you manually added it to your system). And these authorities themselves can become a weak point when a state actor butts in, meaning the only good solution is double checking those certificates with the actual source, and actually blocking everything when they change, which is somewhat tedious… and so on and so on.
Of course, some people do that; when security matters a LOT. But for most people, basic measures should be enough… usually.
bgb_ca@lemmy.ca 2 weeks ago
And work bosses saw a news story on this and banned the app outright :( can anyone suggest a replacement that is not paid and has features useful for searching lots of large logs files quickly for keywords?
Beyonder_Extreme@lemmy.world 2 weeks ago
Kate
MadPsyentist@lemmy.nz 2 weeks ago
+1 for Kate. I think its ment to be an acronym for KDE Advanced text editor but its a linux program that feels very close to notepad++ and will handle large files with gusto
ohshit604@sh.itjust.works 2 weeks ago
VSCodium.
mathemachristian@lemmy.blahaj.zone 2 weeks ago
Emacs
tehn00bi@lemmy.world 2 weeks ago
He’s asking for a text editor, not to join a cult.
helpImTrappedOnline@lemmy.world 2 weeks ago
Rename the shortcut to notepad++2?
DacoTaco@lemmy.world 2 weeks ago
Ive always had notepad++ crash on large files or xml’s with no newlines. I use sublime in those cases :)
That said, as a developer, notepad++ is a very often used tool haha
how_we_burned@lemmy.zip 2 weeks ago
I regularly open CSVs in the range of 500MB to 2GB in notepad++ without any problem…
cley_faye@lemmy.world 2 weeks ago
Notepad++ installed from any package manager was perfectly fine and safe.
purplemonkeymad@programming.dev 2 weeks ago
Well those would have included the update checker. So if you installed from a package manager, then let it update when prompted for the new version, you could still have been at risk.
bgb_ca@lemmy.ca 2 weeks ago
I know.
CeeBee_Eh@lemmy.world 2 weeks ago
Sublime 3
ieGod@lemmy.zip 2 weeks ago
Awesome choice but one crucial detail is that commercial use requires a license.
ICastFist@programming.dev 2 weeks ago
I guess Geany could work?
bgb_ca@lemmy.ca 2 weeks ago
I downloaded that one today. It will work for now but it’s missing a couple of n++ features I use.
kablez@lemmy.world 2 weeks ago
Zed! Fastest GUI editor out there other than Sublime Text.
midas22@lemmy.wtf 2 weeks ago
I’m only using Sublime Text and the Notepad that is included with Windows. Not sure exactly what you’re looking for.
xuteloops@lemmy.zip 2 weeks ago
NotepadQQ 😆
MolochHorridus@lemmy.ml 2 weeks ago
So should we at least uninstall our current Notepad++ and then download a new version? What else should we do, the post really doesn’t offer any advice.
Kazumara@discuss.tchncs.de 2 weeks ago
In the old post from when the update was released a Heise article is linked, that contains indicators of compromise, and in turn links to Kevin Beaumont for the details of his analysis:
lemmy.zip/post/54712916
heise.de/…/Notepad-updater-installed-malware-1110…
doublepulsar.com/small-numbers-of-notepad-users-r…kurmudgeon@lemmy.world 2 weeks ago
I don’t think you’ll need to uninstall. If I’m reading the article correctly, it looks like they plugged the hole in their update process by switching hosting providers to one that’s even more hardened and secure. So requests from the updater should go to the correct place now and not the state-sponsored hacker.
Then in about a month, the next version of notepad++ that is released will also properly validate/verify any downloaded update files from the server.
AlfredoJohn@sh.itjust.works 2 weeks ago
The article literally states that should you download the latest version from their site directly and then use the installer to update manually. Who knows if those who were effected already could have something else compromising the update/install process. I wouldnt update from the built in updater until the new fix with certificate and signature verification is released.
Kissaki@feddit.org 2 weeks ago
Yes, that’s the safe way. Uninstall, download current version, install. That’s it.
Outside of being compromised already where you would have to notice and fix outside of notepad anyway. But that seems unlikely given the selective attack nature the hoster was able to confirm.
AlfredoJohn@sh.itjust.works 2 weeks ago
I would just follow their advice, download the newest version from their site directly and use the new versions installer to update manually. I would probably do the same thing when the newest version with certificate and signature verification releases, after that I would assume you should be good to go. However its probably also worth scanning your system for malware just incase you updated during the time frame the attack was live.
antlion@lemmy.dbzer0.com 2 weeks ago
If I recall correctly this is the second time this has happened to N++. Fool me once… can’t get fooled again.
masterofn001@lemmy.ca 2 weeks ago
dejected_warp_core@lemmy.world 2 weeks ago
Three times++, actually. The second time was documented to have multiple payload URLs over time.
antlion@lemmy.dbzer0.com 2 weeks ago
I think I was remembering the CIA Wikileaks one which was a compromised DLL.
cley_faye@lemmy.world 2 weeks ago
I’ve kind of stopped following things up since I left windows, but maybe you’re remembering when this actually happened a while ago? This is just some in-progress post-mortem report.
brucethemoose@lemmy.world 2 weeks ago
So what malware got shipped?
Dindonmasker@sh.itjust.works 2 weeks ago
I would like to know starting from wich version should i be concerned. I haven’t updated in a while i think.
MangoCats@feddit.it 2 weeks ago
The timeline says the attack started in June of 2025 and continued through Dec 2, 2025. If you installed, updated, or silently updated during that period you may have been targeted / compromised.
Snazz@lemmy.world 2 weeks ago
What was the latest version before June 2025?
how_we_burned@lemmy.zip 2 weeks ago
How would you know if you updated?
My notepad++ is on 8.9.1 and I have no idea how it’s on that ver (ninite I think is where I sourced it…maybe it’s auto updating?)
Kissaki@feddit.org 2 weeks ago
Every version before the previous one.
If you haven’t updated you were not vulnerable to the update hijacking.
HertzDentalBar@lemmy.blahaj.zone 2 weeks ago
This is why I don’t update things that don’t need updates. Untill I switched to Linux I had been using the same version for like a decade.
Also I’d imagine the American government is doing the exact same shit. Or rather Israel is doing it in behalf of the American government
AmidFuror@fedia.io 2 weeks ago
There were a lot of typos in the linked announcement.
corsicanguppy@lemmy.ca 2 weeks ago
If it was important and true, they would’ve spell-checked.
paraphrand@lemmy.world 2 weeks ago
So that’s what the second plus includes….
RickyRigatoni@retrolemmy.com 2 weeks ago
china isn’t a state they’re a different country and do not belong to the united mexican states.
hamid@crazypeople.online 2 weeks ago
Son unos puros sonorenses de Mexicali que se les dio por expandir el negocio y se hicieron globales
RickyRigatoni@retrolemmy.com 2 weeks ago
i don’t speak german. sorry. :(
Australis13@fedia.io 2 weeks ago
Oof. Kudos to Notepad++ for being up front with the details.