**Notepad++ Users, Re-Run the Update: Hackers Were Behind the Scenes for Months**
If you use Notepad++, a popular text editor for Windows, it's time to think twice about those automatic updates. According to independent researchers and security firms, suspected Chinese-state hackers compromised the update infrastructure of the app for six months, delivering backdoored versions to select targets.
The attackers, who were linked to the Chinese government, used their control over the update process to install a sophisticated payload dubbed "Chrysalis." This custom feature-rich backdoor was designed to be permanent and offer wide-ranging capabilities. The hackers took advantage of weak update verification controls in older versions of Notepad++ and exploited them to redirect select users to malicious servers.
Notepad++ developers are now urging all users to ensure they're running version 8.8.8 or higher, installed manually from the official website. Larger organizations should consider blocking notepad-plus-plus.org or the gup.exe process from having Internet access. Users can investigate whether their devices have been targeted by referring to the indicators of compromise security published by Rapid7.
The recent exploit highlights the importance of regular updates and careful monitoring of software components. Notepad++, which has long attracted a loyal user base, is now facing scrutiny over its vulnerabilities. With many open-source projects like it relying on donations and user support, it's essential for users to be aware of potential security risks and take proactive measures to protect themselves.
The incident also raises concerns about the impact of Internet Service Providers (ISPs) on software updates. According to Kevin Beaumont, an independent researcher, the hackers were able to tamper with update traffic if they sat in the ISP chain, making it possible for them to redirect downloads to malicious servers.
If you use Notepad++, a popular text editor for Windows, it's time to think twice about those automatic updates. According to independent researchers and security firms, suspected Chinese-state hackers compromised the update infrastructure of the app for six months, delivering backdoored versions to select targets.
The attackers, who were linked to the Chinese government, used their control over the update process to install a sophisticated payload dubbed "Chrysalis." This custom feature-rich backdoor was designed to be permanent and offer wide-ranging capabilities. The hackers took advantage of weak update verification controls in older versions of Notepad++ and exploited them to redirect select users to malicious servers.
Notepad++ developers are now urging all users to ensure they're running version 8.8.8 or higher, installed manually from the official website. Larger organizations should consider blocking notepad-plus-plus.org or the gup.exe process from having Internet access. Users can investigate whether their devices have been targeted by referring to the indicators of compromise security published by Rapid7.
The recent exploit highlights the importance of regular updates and careful monitoring of software components. Notepad++, which has long attracted a loyal user base, is now facing scrutiny over its vulnerabilities. With many open-source projects like it relying on donations and user support, it's essential for users to be aware of potential security risks and take proactive measures to protect themselves.
The incident also raises concerns about the impact of Internet Service Providers (ISPs) on software updates. According to Kevin Beaumont, an independent researcher, the hackers were able to tamper with update traffic if they sat in the ISP chain, making it possible for them to redirect downloads to malicious servers.
So apparently chinese hackers had access 2 their update system 4 months already!! 
thats so messed up! i was using version 7 and i'm glad i checked my updates manually lol thanks for the heads up devs! 
what's even more crazy is that ISPs can tamper with update traffic too... that's like, total security fail! 
gotta be more careful about who u trust online. btw, can we pls get some better security measures in place for open-source projects? they r already vulnerable enough w/ donations & user support 
it's not just about notepad++ either, this is a whole ecosystem of problems when it comes to updates and security. and yeah, ISPs are definitely in the mix too... i mean, who needs their own security when you can just sit on the internet chain right? 
anyway, glad notepad++ devs are finally addressing this though - time for a manual update for everyone! 
. But at the same time, I don't think we should be jumping all over the Chinese government just yet... I mean, who really knows if they were behind it or not? 
Anyway, I guess the real takeaway is that we should all be more careful with our updates and whatnot. But can't we also appreciate Notepad++ for still being free and awesome? 
so yeah, everyone should be updating to version 8.8.8 or higher ASAP and checking if their devices have been compromised 
also, this raises some major concerns about ISPs and how they can affect our online safety 
[Doge] Update with caution, dude... 
[Success Kid] Learn to code and protect yourself, kiddo! 
. what's next?
. I mean, I always trust the devs to keep my files safe 
. Anyone else feel like they're living on borrowed time? 
so now we gotta manually update our software and block suspicious processes