I'm trying to understand exactly how the Notepad++ update attack happened. Was the update compromised when users updated the software through the app, or did it happen when downloading files directly from notepad-plus-plus.org? Can both methods potentially download a malicious file? Also, if I have an installer file for version 8.8.8, how can I check if it's safe using a hash or antivirus scan? I ran a scan on some Notepad installer files I had, but nothing flagged as suspicious. Any insights on this would be appreciated!
3 Answers
I’ve checked the reports, and it looks like only the auto-update feature was compromised. Direct downloads from the website were not affected, but targeted updates for the auto-update tool were. If you’ve got version 8.8.9, you should be fine, but if you’re using older versions, updating manually is the best move. Always better safe than sorry!
Exactly! Manual updates are the way to go for now.
You’ll definitely want to focus on the auto-update issue. It allowed attackers to redirect update requests to their servers. If you’re using an 8.8.9 installer, it’s less likely to be compromised. Security tools should ideally detect anomalies, but remember it was a targeted incident. Just be cautious with any downloads or updates until you’re sure everything’s clean.
Right? It's all about being proactive these days.
Yeah, keeping an eye on things is key!
The Notepad++ update itself wasn’t directly compromised; it was the supply chain for the auto-update feature before version 8.8.9 that was at risk. This attack seemed to target specific businesses rather than affecting everyone. If you’re working on that version, you should check sources like the Rapid7 blog and the Notepad++ update announcement for more info.

Got it, thanks for clarifying! I'll make sure to update manually then.