Notepad++ hijacked by state-sponsored hackers
notepad-plus-plus.org/news/hijacked-incident-in…
What the hell, this is so frustrating. Basically this free and open-source software has been the victim of an attack on its hosting provider!!
It is not even the software that is attacked anymore. Does anyone remember which free software was attacked through social engineering (it took years for the attacker to become the confidant of the maintainer), and then the exploit was discovered within a few hours by a random Microsoft engineer who checked why the library was a few microseconds slower than usual?
Because now it looks like the next level.
Well. That explains why it was very suddenly and forcefully uninstalled and blocked at work.
I hope this means it can be unblocked now, but I'd assume not anytime soon if ever.
Tl;dr: NPP suffered a supply chain attack via their hosting provider. They've moved hosts and improved checks performed by the in-app updater. 8.9.1 is the version to be on.
Pierre-Yves Lapersonne
He added a link to a deep dive for the backdoor used in the attack.
https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/
It used to be that being an ML (Malicious Linguist) in someone's garage was the rage, now we got "Hackers with Chinese characteristics" smh
I'm so confused.
First of all, it says right in the blog post they believe it was a state-sponsored group in China:
Secondly, notepad++ is software. Software is not always written perfectly first go-round, so there may need to be updates made to the code. Rather than the developer going around to everyone's houses with a USB stick, we make use of "the internet" to deliver those updates. For convenience, software updates are often automatic, with little to no user intervention required.
I hope that clears things up.
It wasn't specifically notepad++ code, but a custom-written updater. That's why it was connecting to the internet.
I mean, it is n++ code because the updater is part of the code base. They just didn't have the connection to the update server hardened.
This was patched in like December, though.
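As an added example (not Notepad++'s or WinGUp's code, and not a description of what the project's 8.9.1 change actually does), here is what a hardened in-app updater check can look like in Go: the client pins the publisher's Ed25519 public key, verifies a signed manifest, then checks the downloaded payload's size and SHA-256 against that manifest and refuses same-or-older versions. The `Manifest` format, `SignRelease`, `VerifyUpdate` and `compareVersions` are assumptions for the demo; the keys and the installer bytes are constructed inline so it runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Manifest is a hypothetical signed description of a release. A real updater
// would download it next to the installer; here it is constructed in memory.
type Manifest struct {
	Version string `json:"version"`
	SHA256  string `json:"sha256"` // hex SHA-256 of the installer bytes
	Size    int    `json:"size"`
}

var (
	ErrBadSignature = errors.New("manifest signature does not verify against the pinned key")
	ErrDowngrade    = errors.New("manifest version is not newer than the installed version")
	ErrSizeMismatch = errors.New("payload size does not match the manifest")
	ErrHashMismatch = errors.New("payload hash does not match the manifest")
)

// VerifyUpdate is the gate an updater runs before executing anything it
// downloaded. pinnedKey is compiled into the client, so a compromised download
// host cannot substitute its own manifest or installer without the signing key.
func VerifyUpdate(pinnedKey ed25519.PublicKey, manifestJSON, sig []byte, installed string, payload []byte) (*Manifest, error) {
	if !ed25519.Verify(pinnedKey, manifestJSON, sig) {
		return nil, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(manifestJSON, &m); err != nil {
		return nil, fmt.Errorf("malformed manifest: %w", err)
	}
	// A tampered host could replay a genuinely signed but vulnerable old release.
	if compareVersions(m.Version, installed) <= 0 {
		return nil, ErrDowngrade
	}
	if len(payload) != m.Size {
		return nil, ErrSizeMismatch
	}
	sum := sha256.Sum256(payload)
	want, err := hex.DecodeString(m.SHA256)
	if err != nil || subtle.ConstantTimeCompare(sum[:], want) != 1 {
		return nil, ErrHashMismatch
	}
	return &m, nil
}

// compareVersions orders dotted numeric versions such as "8.9.1", returning
// -1, 0 or 1. Non-numeric components count as 0 (an assumption for the demo).
func compareVersions(a, b string) int {
	pa, pb := splitVersion(a), splitVersion(b)
	for len(pa) < len(pb) {
		pa = append(pa, 0)
	}
	for len(pb) < len(pa) {
		pb = append(pb, 0)
	}
	for i := range pa {
		if pa[i] != pb[i] {
			if pa[i] < pb[i] {
				return -1
			}
			return 1
		}
	}
	return 0
}

func splitVersion(v string) []int {
	var out []int
	for _, part := range strings.Split(v, ".") {
		n, _ := strconv.Atoi(part)
		out = append(out, n)
	}
	return out
}

// SignRelease plays the publisher's offline signing step; the private key
// never ships with the client. Constructed here only so the demo is self-contained.
func SignRelease(priv ed25519.PrivateKey, version string, payload []byte) (manifestJSON, sig []byte) {
	sum := sha256.Sum256(payload)
	manifestJSON, _ = json.Marshal(Manifest{Version: version, SHA256: hex.EncodeToString(sum[:]), Size: len(payload)})
	return manifestJSON, ed25519.Sign(priv, manifestJSON)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	installer := []byte("constructed installer bytes")
	manifest, sig := SignRelease(priv, "8.9.1", installer)
	if m, err := VerifyUpdate(pub, manifest, sig, "8.9", installer); err == nil {
		fmt.Println("ok: would install", m.Version)
	}
	// Same manifest, but the host swapped the installer bytes: hash check fails.
	_, err := VerifyUpdate(pub, manifest, sig, "8.9", []byte("constructed INSTALLER bytes"))
	fmt.Println("tampered payload:", err)
}
```

The order of the checks matters: the signature is verified before the manifest is parsed, so nothing the host controls is interpreted until it is known to come from the publisher, and the hash comparison binds the installer to that signed manifest rather than to whatever the server happens to advertise.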