Notepad++ Says It Was Hijacked By Chinese State-sponsored Hackers

Last year, nan creator of Notepad++ rolled retired an update for nan matter and root codification editor aft information experts reported that bad actors were hijacking its update system to redirect postulation to malicious servers. It led to users downloading compromised executables that could infect their devices. Now, Don Ho has revealed that aggregate information experts investigated nan breach and wished that nan threat character “is apt a Chinese state-sponsored group.” He said it explained why experts observed highly selective targeting during nan run and why only postulation from definite users were redirected truthful that they would download malicious files. It’s not clear what benignant of users were specifically targeted and what nan files did to their devices.

The attackers started redirecting postulation from Notepad++ to their servers sometime successful June 2025, and that went connected until December 2. Their method progressive compromising nan strategy astatine nan hosting supplier level, though nan nonstop method system that allowed them to intercept postulation remains nether investigation. In summation to releasing a information patch, Notepad++ besides migrated to a caller hosting supplier pinch overmuch stronger information practices. Ho now encourages anyone who wants to instal nan app to download type 8.9.1, which comes pinch nan information update, and moving nan installer manually.