Notepad++ users take note: It's time to check if you're hacked
Infrastructure delivering updates for Notepad++-a widely used text editor for Windows-was compromised for six months by suspected China-state hackers who used their control to deliver backdoored versions of the app to select targets, developers said Monday.
I deeply apologize to all users affected by this hijacking," the author of a post published to the official notepad-plus-plus.org site wrote Monday. The post said that the attack began last June with an infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org." The attackers, whom multiple investigators tied to the Chinese government, then selectively redirected certain targeted users to malicious update servers where they received backdoored updates. Notepad++ didn't regain control of its infrastructure until December.
The attackers used their access to install a never-before-seen payload that has been dubbed Chrysalis. Security firm Rapid 7 descrbed it as a "custom, feature-rich backdoor."