Oh no! Hackers snuck malware inside uber-popular Windows app Notepad++
This is not a drill! The makers of the popular text editor Notepad++ are warning that the Notepad++ updater, which goes by the name WinGUp, links to malware servers.
This is a case of traffic hijacking. Hackers occasionally redirected WinGUp traffic to malicious servers, which then led to the download of infected executable files on users’ computers. The Notepad++ developers then actually found a vulnerability in the “way the updater checks the integrity and authenticity of the downloaded update file. If an attacker is able to intercept network traffic between the updater client and the Notepad++ update infrastructure, they can exploit this vulnerability to cause the updater to download and execute an unwanted binary (instead of the legitimate Notepad++ update binary).”
Background information on the incident can be found in this blog by the security experts who discovered the exploit.
In the meantime, however, the programmers have been able to close this security hole. Notepad++ users should now download the latest version of Notepad++, v8.8.9. You can find the free download here. Please note: You must download and install this update manually.
You should also scan your computer for malware using an up-to-date virus scanner. Our roundup of the best antivirus tools can help if you need it.
Notepad++ is a free text editor that supports a variety of character sets and automatically recognizes and visually structures programming languages, making it popular with developers. The tool also recognizes older languages such as Fortran and Cobol and highlights the syntax using color coding, to make structural elements and keywords stand out clearly.
What's Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Angry
0
Sad
0
Wow
0
