Notepad++ Users, You May Have Been Hacked by China

China's State-Backed Hackers Hacked Notepad++, Leaving Thousands Vulnerable to Attacks

In a shocking discovery, suspected China-state hackers have compromised the update infrastructure of popular free source code editor and note-taking app Notepad++. For six months, these hackers hijacked the update process, delivering a backdoored version of the app to select targets.

The attack began last June with an "infrastructure-level compromise" that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org. The hackers then selectively redirected certain targeted users to malicious update servers where they received backdoored updates. Notepad++ didn't regain control of its infrastructure until December.

Security firm Rapid7 described the payload delivered in the attack as a "custom, feature-rich backdoor" dubbed Chrysalis. According to experts, this is a sophisticated and permanent tool whose wide array of capabilities indicates it was designed for long-term use, not a simple throwaway utility.

Experts believe that Notepad++'s update infrastructure was vulnerable due to insufficient update verification controls in older versions of the app. The hackers exploited these weaknesses to deliver malware-laced updates, including the Chrysalis backdoor.

According to independent researcher Kevin Beaumont, three organizations told him that devices inside their networks that had Notepad++ installed experienced "security incidents" that resulted in hands-on-keyboard threat actors. These attackers were able to take direct control using a web-based interface.

Beaumont warned that search engines are "rammed full" of advertisements pushing trojanized versions of Notepad++, making it likely for users to unwittingly install malicious extensions and put their devices at risk.

Notepad++ developers have since urged all users to ensure they're running version 8.9.1 or higher, installed manually from notepad-plus-plus.org. For larger organizations, experts recommend blocking notepad-plus-plus.org or blocking the gup.exe process from having internet access, but caution that this may be overkill and impractical.

Users who want to investigate whether their devices have been targeted can refer to the indicators-of-compromise post published by Rapid7.
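
The two mitigations above (the 8.9.1 version floor and cutting gup.exe off from the network) can be checked and applied per machine; the script below is an added example, not code from the article, Rapid7 or the Notepad++ project. It assumes default Program Files install paths, an updater at `<install>\updater\gup.exe`, numeric file-version fields that mirror the release number, and a hypothetical firewall rule name.

```powershell
# Added example (not from the article or the Notepad++ project).
# Assumptions: default Program Files install paths, updater at <install>\updater\gup.exe,
# fixed file-version fields that mirror the release number, and the firewall rule name.
# Portable or per-user copies are not found by this script.
[CmdletBinding()]
param(
    [switch]$BlockUpdater   # also add an outbound block rule for gup.exe (needs admin)
)

$MinimumVersion = [version]'8.9.1'            # floor stated by the Notepad++ developers
$RulePrefix     = 'Block Notepad++ updater'   # hypothetical rule name

# ProgramFiles(x86) is empty on 32-bit Windows, so drop null entries.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique |
    ForEach-Object { Join-Path $_ 'Notepad++' }

$report = foreach ($root in $roots) {
    $exe = Join-Path $root 'notepad++.exe'
    if (-not (Test-Path -LiteralPath $exe)) { continue }

    # Use the numeric version fields rather than parsing the display string.
    $vi        = (Get-Item -LiteralPath $exe).VersionInfo
    $installed = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart)
    $gup       = Join-Path $root 'updater\gup.exe'
    $hasGup    = Test-Path -LiteralPath $gup
    $blocked   = $false

    if ($BlockUpdater -and $hasGup) {
        # One rule per install root, named after the parent folder.
        $name = "$RulePrefix ($(Split-Path (Split-Path $root) -Leaf))"
        if (-not (Get-NetFirewallRule | Where-Object DisplayName -eq $name)) {
            New-NetFirewallRule -DisplayName $name -Direction Outbound `
                -Program $gup -Action Block -ErrorAction Stop | Out-Null
        }
        $blocked = $true
    }

    [pscustomobject]@{
        Path           = $exe
        Installed      = $installed
        BelowMinimum   = $installed -lt $MinimumVersion
        UpdaterPresent = $hasGup
        UpdaterBlocked = $blocked
    }
}

if ($report) { $report | Format-Table -AutoSize }
else         { Write-Output 'No Notepad++ install found under Program Files.' }
```

Run it without arguments to audit only; `-BlockUpdater` requires an elevated session and leaves upgrades to be done manually from notepad-plus-plus.org.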
 
Ugh, I'm getting so tired of these state-backed hackers 🙄. Leaving thousands of people vulnerable to attacks because they just didn't update Notepad++ properly? It's just basic common sense, you know? And now we're talking about Chrysalis, this "custom, feature-rich backdoor" that's basically a permanent security risk... it's just insane 😱.

And what really gets me is how easy it was for these hackers to exploit the vulnerabilities in older versions of Notepad++. I mean, come on! We've been warning about these kinds of issues for years and yet this still happens 🤦‍♂️. It's like people think they're above getting scammed or compromised online.

I'm not sure what the solution is here, but blocking Notepad++ from updating might be a bit overkill, right? Can't we just take simple precautions to keep ourselves safe online? I mean, it's not like I'm some kind of tech expert, I just know that this kind of thing should be preventable 🤔.
 
😒 I'm so not buying this. A state-backed hacker group compromising Notepad++? Come on! How did they even get past the update verification controls in older versions? 🤔 If it was a simple infrastructure-level compromise, why didn't the devs patch it out sooner?

And what's with the "infrastructure-level compromise" timeline? June to December? That's like giving hackers an entire six months to exploit vulnerabilities and install malware. 😩 I need sources on this one, folks! Who exactly is behind these attacks, and how far did they go with Chrysalis?
 
This whole thing got me thinking... How much control do we really have over our own online safety? I mean, think about it - even if you're running the latest version of Notepad++, there's still a risk of being hit with malware-laced updates if the update process is vulnerable. It's like how one tiny crack in your window can let in not just a breeze, but also all sorts of trouble 🤯

And have you ever stopped to think about who's behind all these attacks? Are they even human or are they some kind of AI-powered monster? 🤖 Either way, it shows us that we need to be vigilant and take responsibility for our own online security. Can't just rely on the developers or security firms to keep us safe - gotta look out for ourselves too 💻

It's funny... I was using Notepad++ just yesterday, writing away in my notebook 📝, not even realizing I might've been at risk of being hacked 😳. But now that you mention it, I'll definitely be updating to the latest version and keeping a closer eye on what I'm downloading from the internet 👀
 
oh man, i'm actually kinda glad notepad++ had a major security issue lol 😂 think about it, this could lead to some awesome bug bounty hunting opportunities for talented security researchers! and who knows, maybe this will push notepad++ devs to create even better security measures 💻✨
 
Man, I remember when notepad++ was still young 🤣... back in the day, we had to manually download updates from a mirror server or wait for the dev team to push out new versions. Now, it's like China is just messing with our lives 💸... hacked and compromised, who knew? 😱

I mean, I get that security is key, but this whole Chrysalis thingy sounds like something straight outta a spy movie 🕵️‍♂️... permanent tool with all these capabilities? Sounds super suspicious to me 🤔. And Beaumont's warning about trojanized versions of notepad++ on search engines? That's just crazy talk 😲.

I'm guessing most people are still gonna be like, "oh, I'll just update it automatically and hope for the best" 🤷‍♂️... until they realize their devices have been compromised 🚨. Anyway, devs did the right thing by pushing out a new version... now we just gotta make sure everyone's using it manually 📦.

What was up with all these vulnerabilities in older versions? Shouldn't that've been a red flag for a looong time ago 🔒?
 
🤕 I'm totally freaked out about this Notepad++ hacking situation 🚨. Like, how can a legit app like that get compromised in such a huge way? It's so basic security stuff that hackers can exploit, you know? The update verification controls should've been better, and it's crazy they got away with it for six months 😱. Now, I'm paranoid thinking about all those devices out there running ancient versions of the app 🤯. Notepad++ devs need to step up their security game ASAP 💻. Everyone needs to be more careful when updating their software, or we're all in trouble 🚫.
 
😬 just read about notepad++ getting hacked by china-state hackers 🚨 my thoughts? people need to be more careful with what they download and update, especially on public computers 🤖 these kinds of attacks are super common now and can happen to anyone 📊 it's good that the devs are on top of it and fixing the issue ASAP 💻
 
Ugh πŸ€¦β€β™‚οΈ, this is so frustrating! Notepad++'s update infrastructure was basically a sieve πŸŒ€ and those Chinese hackers just exploited it like a pro πŸ’». I mean, who wants their free code editor to be compromised with some fancy backdoor 😳? And now thousands of users are vulnerable to attacks... what a pain in the neck 🀯. Not to mention, the fact that these hackers were able to deliver malware-laced updates with such ease is just worrying 😬. I guess this is a good reminder to always keep our software up to date and be cautious when installing new extensions πŸ‘€. Come on Notepad++ devs, step up your update game! 🚫
 