About:
Chinese state-linked threat actors have compromised the installer and update mechanism associated with the Notepad++ project, injecting malicious code into Windows installer binaries distributed via official channels. The implanted backdoor enables arbitrary code execution and establishes outbound communication with attacker-controlled infrastructure, allowing remote command execution and potential full system compromise. This activity has been confirmed as actively exploited in the wild and represents a high-impact supply chain attack affecting developer and user environments.
RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats that we classify at the highest severity level and that warrant out-of-band emergency patching or mitigation action.
Exploit or POC: This activity was actively exploited in the wild.
Update:
Description:
Mitigation Recommendation:
Immediately uninstall any potentially affected versions of Notepad++ and perform a clean installation of version 8.8.9 or later from the official project site.
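As an added example that is not part of the RedLegg bulletin, the following PowerShell check reports whether the Notepad++ build installed on a Windows host is at or above 8.8.9 and whether notepad++.exe carries a valid Authenticode signature. The install paths it probes are assumptions; a passing result supports verification after the clean reinstall described above rather than replacing it, since the compromised installers were themselves distributed through official channels.

```powershell
# Added example (not from the bulletin): flag Notepad++ installs that are below
# the remediated version or whose binary fails Authenticode verification.
# The candidate install paths below are assumptions, not from the bulletin.
$MinimumSafeVersion = [version]'8.8.9'

function Get-NotepadPlusPlusInstall {
    $candidates = @(
        "$env:ProgramFiles\Notepad++\notepad++.exe",
        "${env:ProgramFiles(x86)}\Notepad++\notepad++.exe",
        "$env:LOCALAPPDATA\Programs\Notepad++\notepad++.exe"
    )
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path) {
            # FileVersionRaw is PowerShell's [version]-typed view of the PE version resource
            $fileVersion = (Get-Item -LiteralPath $path).VersionInfo.FileVersionRaw
            return [pscustomobject]@{ Path = $path; Version = $fileVersion }
        }
    }
    return $null
}

function Test-NotepadPlusPlusRemediated {
    param([Parameter(Mandatory)] $Install)
    $signature   = Get-AuthenticodeSignature -FilePath $Install.Path
    $versionOk   = $Install.Version -ge $MinimumSafeVersion
    $signatureOk = $signature.Status -eq 'Valid'
    [pscustomobject]@{
        Path            = $Install.Path
        Version         = $Install.Version
        VersionOk       = $versionOk
        SignatureStatus = $signature.Status
        Signer          = $signature.SignerCertificate.Subject
        Remediated      = ($versionOk -and $signatureOk)
    }
}

$install = Get-NotepadPlusPlusInstall
if ($null -eq $install) {
    Write-Output 'Notepad++ not found in the probed locations on this host.'
} else {
    $result = Test-NotepadPlusPlusRemediated -Install $install
    $result | Format-List
    if (-not $result.Remediated) {
        Write-Warning "Uninstall Notepad++ and perform a clean install of $MinimumSafeVersion or later from the official project site."
    }
}
```

Run it via your endpoint management tooling to inventory hosts; the Signer field lets you spot binaries signed by an unexpected certificate even when the version string looks current.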