A software update mechanism for the popular text editor Notepad++ was hijacked by suspected Chinese state-sponsored hackers, allowing them to silently redirect some users to malicious update servers, the project’s developers announced on Monday.
In a security update posted on the project’s website, the development team said the attack did not exploit a flaw in the editor’s source code itself. Instead, the compromise occurred at the infrastructure level, involving systems used to deliver software updates.
The attackers were able to “intercept and redirect update traffic destined for notepad-plus-plus.org” stated the team, adding that the “exact technical mechanism remains under investigation.”
Read the rest of the story at The Record.
