Notepad++ Vulnerability Allows Hackers to Deliver Malware

Hackers have been exploiting a vulnerability in the popular text and source code editor Notepad++ by tricking its updater, WinGUp, into pulling down malicious executables from compromised servers. The issue lies in how the updater validates the integrity and authenticity of update files.

Notepad++ creator Don Ho acknowledged the problem and released an updated version (v8.8.9) that strengthens certificate verification during updates. Meanwhile, security researcher Kevin Beaumont warned that attackers could exploit this weakness by intercepting network traffic between the updater client and the Notepad++ update server, so that the updater downloads and runs malicious executables instead of legitimate updates.

Users can identify potential malicious activity by checking for unusual processes or network requests made by gup.exe, which should only connect to notepad-plus-plus.org. The maintainer also recommends removing previously installed root certificates from earlier app versions that used self-signed certificates.
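
The check described above can be run over collected endpoint telemetry. The following Python is an added example, not code from the article or the Notepad++ project; the event field names, file paths and sample events are constructed assumptions.

```python
import ntpath

# The only destination the article names for gup.exe.
ALLOWED_HOSTS = {"notepad-plus-plus.org"}
UPDATER = "gup.exe"

def _is_updater(path):
    # ntpath parses Windows paths on any OS; image names are case-insensitive.
    return ntpath.basename(path or "").lower() == UPDATER

def _norm_host(host):
    # Lower-case and drop the trailing dot of a fully qualified name.
    return (host or "").strip().rstrip(".").lower()

def review_gup_activity(events):
    """Return (kind, detail) findings for events that involve gup.exe."""
    findings = []
    for ev in events:
        if ev["type"] == "network" and _is_updater(ev.get("image")):
            host = _norm_host(ev.get("dest_host"))
            # Exact match, not substring: look-alike names that merely
            # contain the legitimate domain must still be flagged.
            if host not in ALLOWED_HOSTS:
                findings.append(("unexpected_destination",
                                 host or ev.get("dest_ip", "")))
        elif ev["type"] == "process" and _is_updater(ev.get("parent_image")):
            # The article lists no expected children, so each one is
            # surfaced for an analyst to review rather than judged here.
            findings.append(("child_process", ev.get("image", "")))
    return findings

# Constructed sample events (hypothetical field names and paths).
GUP = r"C:\Apps\Notepad++\updater\gup.exe"
SAMPLE_EVENTS = [
    {"type": "network", "image": GUP, "dest_host": "notepad-plus-plus.org"},
    {"type": "network", "image": GUP.upper(), "dest_host": "Notepad-Plus-Plus.org."},
    {"type": "network", "image": GUP, "dest_host": "notepad-plus-plus.org.cdn.example"},
    {"type": "network", "image": GUP, "dest_host": "", "dest_ip": "203.0.113.7"},
    {"type": "network", "image": r"C:\Windows\System32\svchost.exe", "dest_host": "other.example"},
    {"type": "process", "parent_image": GUP, "image": r"C:\Users\alice\AppData\Local\Temp\update.exe"},
]

if __name__ == "__main__":
    for kind, detail in review_gup_activity(SAMPLE_EVENTS):
        print(f"{kind}: {detail}")
```

The allow-list holds only the apex domain named in the article, so any other host, including a subdomain, is reported for review.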

A patch is now available, providing users with protection against this vulnerability.

Source: https://cybernews.com/security/hackers-exploit-vulnerability-in-notepad-plus-plus-updater