Notepad++ updates were hijacked for months, possibly to spy for China


Users of the text and code editor Notepad++ may have unwittingly downloaded a malicious update to the app after its shared hosting servers were hacked last year. On Monday, the app’s developer, Don Ho, posted an update on the attack with more details, including that the hackers were “most likely a Chinese state-sponsored group” and that the app’s servers were vulnerable for approximately six months, from June until December 2, 2025.

The post explains that the hijacking occurred on the end of the app’s unnamed previous hosting provider, noting that “traffic from some targeted users was selectively redirected to malicious update data controlled by the attacker.” When victims were redirected, their app update could be replaced with a malicious executable file, which, according to independent cybersecurity expert Kevin Beaumont, may have given hackers remote access to the victim’s keyboard.

Don Ho’s post also adds that the attack involved “highly selective targeting” regarding which victims it redirected away from the legitimate Notepad++ site. Kevin Beaumont noted that the victims he spoke with “are (organizations) with interests in East Asia.” So, even though this is a serious security vulnerability, it is possible that the hackers were focused on monitoring specific people rather than just anyone.

The developer did not specify when he became aware of the attack, but said that the attacker’s “access was completely terminated” by December 2. The Notepad++ updater itself has been updated with stronger security measures to check for tampering and verify the legitimacy of updates.

Notepad++ users should make sure they have at least version 8.8.9, which addressed the vulnerabilities caused by the hijacking attack, and will likely want to download this version directly from the Notepad++ website. Additionally, Kevin Beaumont suggested users double-check that they are not using an unofficial version of Notepad++, monitor activity from “gup.exe”, which is the application updater, and check for a suspicious “update.exe” or “AutoUpdater.exe” file in their TEMP folder.
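As an added example (not from the article or the Notepad++ project), the Python triage script below covers two of the checks in the paragraph above: it compares a version string against 8.8.9 and lists any “update.exe” or “AutoUpdater.exe” found under a TEMP directory, with hashes for follow-up. The function names are chosen for this example, and the installed version string is assumed to be supplied by whoever runs it.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# File names and minimum version come from the article; everything else is illustrative.
SUSPICIOUS_NAMES = {"update.exe", "autoupdater.exe"}
MIN_SAFE_VERSION = (8, 8, 9)


def parse_version(text):
    """Turn '8.8.9' or 'v8.8.9' into a comparable tuple, padded to three parts."""
    parts = [int(p) for p in text.strip().lstrip("vV").split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_patched(version_text):
    """True when the version is at least 8.8.9 (numeric, not string, comparison)."""
    return parse_version(version_text) >= MIN_SAFE_VERSION


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan_temp(temp_dir):
    """Walk temp_dir and return a record for every file whose name matches."""
    hits = []
    for root, _dirs, files in os.walk(temp_dir):
        for name in files:
            if name.lower() in SUSPICIOUS_NAMES:  # Windows names are case-insensitive
                path = Path(root) / name
                try:
                    info = path.stat()
                    hits.append({"path": str(path), "size": info.st_size,
                                 "mtime": info.st_mtime, "sha256": sha256_of(path)})
                except OSError as err:  # locked or vanished file: still report it
                    hits.append({"path": str(path), "error": str(err)})
    return sorted(hits, key=lambda h: h["path"])


if __name__ == "__main__":
    # Scans the current user's TEMP directory and prints each hit for review.
    for hit in scan_temp(tempfile.gettempdir()):
        print(hit)
```

A hit is a lead for further triage rather than proof of compromise, since other installers also drop files with these names.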

It is worth noting that Don Ho, the developer of Notepad++, criticized the Chinese government in an app update in 2019. This version was called the “Free Uyghur” edition, and he told The Verge that his website faced DDoS attacks in response.
