• Hello and welcome! Register to enjoy full access and benefits:

    • Advertise in the Marketplace section for free.
    • Get more visibility with a signature link.
    • Company/website listings.
    • Ask & answer queries.
    • Much more...

    Register here or log in if you're already a member.

  • 🎉 WHV has crossed 72000 (72k) monthly views (unique) and 272000 clicks per month, as per Google Analytics! Thank you for your support! 🎉

Notepad++ Fixes Critical Flaw That Allowed Hackers to Push Fake Software Updates

johny899

Member
Content Writer
Messages
1,004
Reaction score
3
Points
43
Balance
$40.8USD
Do you write your code using Notepad++? I do! That’s why I found this story extremely interesting. Hacks were taking place last week as a result of a bug that left users vulnerable to having their computers hijacked with the help of a bogus update file. Luckily, Notepad++ has fixed this issue!

What Went Wrong?​

In order to download the latest version of Notepad++, Notepad++ relied on an updater called WinGUp. The core issue was quite obvious, albeit very dangerous, in that the WinGUp updater was not verifying whether the downloaded updates were indeed the most current versions.

As a result, cyber criminals were able to leverage this weakness by sending a fraudulent update through the WinGUp uploader, and then having those files executed by their victims.

There were users that noticed that a file called AutoUpdater.exe was on their computer.
This file executed commands such as:
  • Getting information about the computer
  • Getting a list of the tasks currently running
  • Obtaining the name of the user who is logged in
All this information was then sent to an external website. These actions made it obvious that something had gone wrong.

How Did the Hackers Pull This Off?​

The attackers used a technique to manipulate the updater while it was being performed. Because the updater does not check for verified digital signatures, it will trust any file received, regardless of its source.

It is similar to ordering food and not asking who delivered it when picking up the order. This is a dangerous practice.

What Was The Solution To The Problem With Notepad++?​

In response to this issue that impacted users of Notepad++, the Notepad++ Team developed and released Notepad++ version 8.8.9.

What are the main features of Notepad++ Version 8.8.9?
  • Checks the Digital Signature of update files.
  • Blocks install of modified/fake updates.
  • Downloads updates directly from GitHub.
If the update does not pass the Security Check, it will not install.

What Should I Do Now?​

If you use Notepad++, you should update to version 8.8.9 or later now. Make sure to download the software only from the official Notepad++ Website or GitHub to ensure that you are getting a genuine copy of the program.

Even trusted programs may have bugs from time to time. It is important for companies to resolve bugs as quickly as possible. The Notepad++ Team has resolved this bug promptly. Remember to keep your software up-to-date and secure.
 
You must log in or register to reply here.
Menu
Log in
Register