NEW: The developer of the long-running and popular open source text editor Notepad++ has confirmed that China government-backed hackers hijacked the software's update feature for months during 2025.

The hackers could access computers of victims who were running hijacked versions of Notepad++.

https://techcrunch.com/2026/02/02/notepad-says-chinese-government-hackers-hijacked-its-software-updates-for-months

Notepad++ says Chinese government hackers hijacked its software updates for months | TechCrunch

The developer of the popular text editor Notepad++ said hackers associated with the Chinese government hijacked its software update mechanism to deliver tainted software to users for months.


@zackwhittaker

I love how it's always the fault of the government of China, Russia or North Korea. A sign that the professionals from communist countries are much better. 😂

@helenfernanda @zackwhittaker and when it's American hackers, it's never their government...

@zackwhittaker This is why software should not have automatic updates built in.

If you enable automatic updates, you are giving that software developer admin access to your machine!

The update process might get hacked, or the software might get sold on to a threat actor, or a government might use the software to compromise you.

Auto updaters built into applications were a mistake.

@zackwhittaker @mike805 I don't see how this helps. If you don't update software, eventually there's going to be a security hole you don't get a fix for. If you update software, are you really going to manually review every update for every piece of software you run? Unless you do, manual updating does not actually improve your security over automatic.

@chopsstephens @zackwhittaker Depends on what kind of software. I might be ok with a browser auto updating or at least prompting.

But notepad? A text editor is not a huge target to get hacked. It should not really have any networking at all. But put in an auto updater and now it's a threat to the whole machine.

It does not help that auto updaters run as system services so they can install software.

Not every app needs an auto updater. It's a huge attack surface the user cannot control.

@mike805 from what I read in the article, what was hacked was the initial download, and eventually fixed via auto updates

@chopsstephens @zackwhittaker

@zackwhittaker Chinese, North Korean, Russian, Iranian or whoever not part of "the west" seems to always have brilliant hackers who can hack anything & everything but never smart enough to cover their tracks... Whereas all the 3/5 letter agencies funded to the tune of hundreds of billions of taxpayer money from the west seem to be always utterly useless at having anyone skilled enough to exploit anything. A real mystery.

@zackwhittaker @htpcnz That's what they want you to think while "secretly" having control over your iPhone, Google Android, Windows or other Big Tech device...

@f

In Germany, all the good hackers join the Chaos Computer Club, leading to a lot of fun and shenanigans. But they are less dangerous (not less competent, just not evil), so they don't make the news as often.

@zackwhittaker @htpcnz

@till @zackwhittaker @htpcnz Will look into this. Seems interesting, thanks

@htpcnz @zackwhittaker Sounds like they covered their tracks well enough for six months.

@zackwhittaker They really shouldn’t have slapped “stand for Ukraine” on everything.

@zackwhittaker dang! good thing i never update n++!!

My job's computer bundled Notepad++ as a dependency for some tool or another, fortunately I hadn't opened it since at least May '25! Upgrading right now

@zackwhittaker whaaat

Can anyone explain what this means? What did they have access to exactly? How can you check if you've been "infected"??

@zackwhittaker This is the direct link to the quoted blog post, in case it's helpful to anyone. https://notepad-plus-plus.org/news/hijacked-incident-info-update/

It also contains advice on what to do now if you use Notepad++ (i.e. manually upgrade).

Notepad++ Hijacked by State-Sponsored Hackers | Notepad++