this post was submitted on 03 Feb 2026
23 points (100.0% liked)

Opensource

5775 readers
244 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

CreditsIcon base by Lorc under CC BY 3.0 with modifications to add a gradient


founded 2 years ago
MODERATORS
pylapp@programming.dev
23
Notepad++ hijacked by state-sponsored hackers (notepad-plus-plus.org)
submitted 1 month ago by pylapp@programming.dev to c/opensource@programming.dev
5 comments fedilink hide all child comments
all 6 comments
sorted by: hot top controversial new old
[–] Wurzelfurz@feddit.org 5 points 1 month ago

He added a link to a deep dive for the backdoor used in the attack.

https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/

[–] artyom@piefed.social 3 points 1 month ago (2 children)

I'm so confused.

  1. It doesn't say anything about "state-sponsored attackers" outside of the headline? What state? Why?
  2. Why is a Notepad app connecting to any servers or have credentials at all?
[–] DemBoSain@midwest.social 1 points 1 month ago (1 children)

It wasn't specifically notepad++ code, but a custom-written updater. That's why it was connecting to the internet.

[–] village604@adultswim.fan 2 points 1 month ago

I mean, it is n++ code because the updater is part of the code base. They just didn't have the connection to the update server hardened.

This was patched in like December, though.

[–] Calfpupa@lemmy.ml 3 points 1 month ago

It used to be that being a ML (Malicious Linguist) in someones garage was the rage, now we got "Hackers with Chinese characteristics" smh