Notepad++ Hijacked by State-Sponsored Hackers

102 likes

Submitted 2 hours ago by Beep@lemmus.org to technology@lemmy.world

https://notepad-plus-plus.org/news/hijacked-incident-info-update/

source

Comments

  • brucethemoose@lemmy.world 7 minutes ago

    So what malware got shipped?

    source
  • Australis13@fedia.io 2 hours ago

    Oof. Kudos to Notepad++ for being up front with the details.

    source
  • HeyJoe@lemmy.world 1 hour ago

    Yikes… I guess I am confused though. What data was being sent through this channel? What did they get from people while it happened, and why did it take 2 months past them stopping it to finally make a release? I love the app, but this sounds really bad.

    source
    • elvith@feddit.org 1 hour ago

      From my understanding: Basically the attackers could reply to your version check request (usually done automatically) and tell N++ that there was a new version available. If you then approved the update dialogue, N++ would download and execute the binary from the update link that the server sent you. But this didn’t necessarily need to be a real update; it could have been any binary, since neither the answer to the update check nor the download link were verified by N++.

      source
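Added example, not part of the thread and not Notepad++'s own updater code: the check elvith's comment says was missing, shown as a naive updater beside one that verifies the update-check response against a pinned public key (textbook RSA PKCS#1 v1.5 over SHA-256) and then checks the installer against the signed digest. The JSON response layout, `PINNED_HOST` and the demo key are assumptions constructed for illustration.

```python
import hashlib, hmac, json
from urllib.parse import urlsplit

# Constructed demo key built from two Mersenne primes so the example runs offline
# with the standard library only; far too weak for real use.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                               # public modulus, pinned inside the updater
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, held by the release signer
K = (N.bit_length() + 7) // 8           # signature length in bytes
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
PINNED_HOST = "updates.example.invalid"  # hypothetical download host (assumption)

def _encode(msg: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg) as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t, "big")

def sign(msg: bytes) -> bytes:
    """Release-side signing (only here so the demo can make a valid signature)."""
    return pow(_encode(msg), D, N).to_bytes(K, "big")

def verify(msg: bytes, sig: bytes) -> bool:
    """Re-encode and compare, so malformed padding can never be accepted."""
    s = int.from_bytes(sig, "big")
    return len(sig) == K and s < N and pow(s, E, N) == _encode(msg)

def naive_updater(response: bytes) -> str:
    """Behaviour described in the thread: trust whatever link the reply carries."""
    return "install " + json.loads(response)["url"]

def hardened_updater(response: bytes, sig: bytes, installer: bytes) -> str:
    """Verify the reply first, then the link, then the downloaded bytes."""
    if not verify(response, sig):
        return "reject: update-check response not signed by pinned key"
    info = json.loads(response)
    url = urlsplit(info["url"])
    if url.scheme != "https" or url.hostname != PINNED_HOST:
        return "reject: download link outside pinned host"
    digest = hashlib.sha256(installer).hexdigest()
    if not hmac.compare_digest(digest, info["sha256"]):
        return "reject: installer does not match signed digest"
    return "install " + info["url"]
```

Because the signature covers the whole response, an on-path party that rewrites the link or the digest invalidates it, and a substituted binary fails the digest check even when the response itself is genuine.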
  • MolochHorridus@lemmy.ml 39 minutes ago

    So should we at least uninstall our current Notepad++ and then download a new version? What else should we do? The post really doesn’t offer any advice.

    source
    • kurmudgeon@lemmy.world 13 minutes ago

      I don’t think you’ll need to uninstall. If I’m reading the article correctly, it looks like they plugged the hole in their update process by switching hosting providers to one that’s even more hardened and secure. So requests from the updater should go to the correct place now and not the state-sponsored hacker.

      Then in about a month, the next version of Notepad++ that is released will also properly validate/verify any downloaded update files from the server.

      source
    • Kazumara@discuss.tchncs.de 10 minutes ago

      In the old post from when the update was released, a Heise article is linked that contains indicators of compromise and in turn links to Kevin Beaumont for the details of his analysis:

      lemmy.zip/post/54712916
      heise.de/…/Notepad-updater-installed-malware-1110…
      doublepulsar.com/small-numbers-of-notepad-users-r…

      source