Hackers spread viruses for half a year through a popular text editor
For about half a year, hackers distributed malicious programs through the official update system of the popular text editor Notepad++. The developers themselves reported this on the project's website.
Illustrative photo. Photo: freepik.com
From June to December 2025, attackers were able to control program traffic and selectively attacked users, mainly those related to business in East Asia. The attack became possible due to the compromise of the hosting provider's infrastructure, on whose servers the Notepad++ website was located.
During program updates, user requests were redirected to the attackers' servers, from where malicious manifests were downloaded instead of secure files. After entering the system, the virus collected technical information about the computer and running processes, using standard operating system tools. The collected data was stored in a separate file and transmitted to the hackers.
Notepad++ developer Don Ho reported that an investigation conducted with cybersecurity specialists showed that the active phase of the attack began in June 2025. Although the hosting servers were cleaned during maintenance in September, attackers continued to have access to internal services and intercept traffic until early December.
The Notepad++ team has now completely changed hosting providers and strengthened its defense system. To ensure security and eliminate the possibility of surveillance, users are advised to manually download and install version 8.9.1 from the official website.
The current version already implements mandatory certificate verification, and in the next release, developers plan to further strengthen verification and security mechanisms.