I've learned that Notepad++ was compromised by a Chinese state-sponsored hack called Chrysalis. This hack is alarming as it activates the malware, which can continue to broadcast data. I'm searching for reliable malware scanners that can detect and clean this specific infiltration, especially after the malware payload has been activated. Uninstalling Notepad++ doesn't seem to be enough, and I'm puzzled why more people aren't concerned about finding a way to effectively clean this issue. What can be done?
3 Answers
Look, in this situation, it's all about assuming your system is compromised. Check the version you're running and look at the indicators of compromise (IOCs) mentioned in that Rapid7 article. If things seem off, consider completely rebuilding your system rather than just doing a reinstall; it's better to be safe than sorry.
The issue is a real concern. Many people likely don't realize they may have already been compromised since the exploit was kept quiet for so long. Even if you update Notepad++, it doesn't guarantee you've cleared out any previous intrusions. It's wise to be cautious and consider if you've had other vulnerabilities on your system. Just updating might not be enough to address the infiltration if hackers have already acted.
To clean your system, make sure you download the latest version of Notepad++ directly from their new hosting provider instead of using an update feature. This way, you get a fresh install, but that alone might not address any malware that's already on your system.
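The advice in the answers above (check which version is installed, compare against the published IoCs, and verify a fresh installer rather than trusting the in-app updater) can be turned into a repeatable check. The PowerShell below is an added example and is not code from any poster in this thread or from the Notepad++ project; it assumes the default install directories and uses a placeholder hash list that you would replace with the SHA-256 values from the Rapid7 write-up or the vendor advisory.

```powershell
# Added example, not from the thread. Inventory the local Notepad++ install,
# hash every executable and DLL under it, and check Authenticode signatures so
# the output can be compared with a published IoC list.
# Assumptions: default install locations below; $knownBadHashes is a PLACEHOLDER.

$installDirs = @(
    "$env:ProgramFiles\Notepad++",          # assumed 64-bit default path
    "${env:ProgramFiles(x86)}\Notepad++"    # assumed 32-bit default path
)

$knownBadHashes = @(
    # PLACEHOLDER: replace with SHA-256 values from the vendor / Rapid7 IoC list
    '0000000000000000000000000000000000000000000000000000000000000000'
)

function Get-NotepadPlusPlusInventory {
    foreach ($dir in $installDirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }

        # Installed version, read from the main executable's version resource
        $exe = Join-Path $dir 'notepad++.exe'
        if (Test-Path -LiteralPath $exe) {
            $ver = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
            Write-Output "Notepad++ found in $dir, product version $ver"
        }

        # Hash and signature-check every PE in the tree; this covers the
        # updater (GUP.exe) and any plugins, not just the main binary.
        Get-ChildItem -Path $dir -Recurse -Include *.exe, *.dll | ForEach-Object {
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName

            $note = ''
            if ($knownBadHashes -contains $hash) {
                $note = 'MATCHES IoC LIST - treat host as compromised'
            } elseif ($sig.Status -ne 'Valid') {
                $note = "signature status: $($sig.Status)"
            }

            [PSCustomObject]@{
                File   = $_.FullName
                SHA256 = $hash
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
                Status = $sig.Status
                Note   = $note
            }
        }
    }
}

function Test-DownloadedInstaller {
    # Verify a freshly downloaded installer before running it: it must carry a
    # valid Authenticode signature, and its hash is printed so it can be
    # compared against the checksum published alongside the release.
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    [PSCustomObject]@{
        File   = $Path
        SHA256 = $hash
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        Valid  = ($sig.Status -eq 'Valid')
    }
}

# Usage:
Get-NotepadPlusPlusInventory | Format-Table -AutoSize
# Test-DownloadedInstaller -Path "$env:USERPROFILE\Downloads\npp-installer.exe"   # assumed filename
```

A file that matches a published IoC hash is the strong signal here; an unsigned or "NotSigned" plugin DLL on its own is not proof of compromise, since third-party plugins are often unsigned, so compare those entries against the hashes in the advisory rather than acting on signature status alone. If any binary does match, the first answer's advice applies: treat the host as compromised and rebuild rather than reinstall.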
Will simply uninstalling Notepad++ get rid of all the potential malware on my machine, though? I’ve read that it may not remove everything.

Yeah, exactly! It’s unsettling that there's no definitive way to know if your system was compromised or what may remain.