Notepad++ Update Mechanism Exploited to Deliver Malicious Payloads
Summary
Notepad++ version 8.8.9 was released to address a security flaw in its WinGUp update tool that allowed attackers to push malicious executables instead of legitimate updates. Users reported incidents where the updater spawned a malicious AutoUpdater.exe that collected device information and exfiltrated it to a remote site. The flaw was mitigated by enforcing updates only from GitHub and later by requiring signature verification for all updates. Security researchers noted targeted attacks against organizations with interests in East Asia, where Notepad++ processes were used to gain initial access.
Timeline
- 11.12.2025 23:04 (1 article)
- Notepad++ fixes flaw that let attackers push malicious update files — www.bleepingcomputer.com — 11.12.2025 23:04
Information Snippets
- Notepad++ version 8.8.9 was released to fix a security weakness in the WinGUp update tool.
  First reported: 11.12.2025 23:04 (1 source, 1 article)
- The malicious executable collected device information and exfiltrated it to a remote site.
  First reported: 11.12.2025 23:04 (1 source, 1 article)
- Version 8.8.8 enforced updates only from GitHub to mitigate potential network hijacks.
  First reported: 11.12.2025 23:04 (1 source, 1 article)
- Version 8.8.9 introduced signature verification for all updates to prevent malicious payloads.
  First reported: 11.12.2025 23:04 (1 source, 1 article)
- Security researcher Kevin Beaumont reported incidents where Notepad++ processes were used for initial access in targeted attacks.
  First reported: 11.12.2025 23:04 (1 source, 1 article)
- The update mechanism could be hijacked by intercepting and modifying the download URL.
  First reported: 11.12.2025 23:04 (1 source, 1 article)