BeepNotepad++ Hijacked by State-Sponsored Hackers
MolochHorridusSo should we at least uninstall our current Notepad++ and then download a new version? What else should we do, the post really doesn’t offer any advice.
kurmudgeonI don’t think you’ll need to uninstall. If I’m reading the article correctly, it looks like they plugged the hole in their update process by switching hosting providers to one that’s even more hardened and secure. So requests from the updater should go to the correct place now and not the state-sponsored hacker.
Then in about a month, the next version of notepad++ that is released will also properly validate/verify any downloaded update files from the server.
The article literally states that should you download the latest version from their site directly and then use the installer to update manually. Who knows if those who were effected already could have something else compromising the update/install process. I wouldnt update from the built in updater until the new fix with certificate and signature verification is released.