A likely China-sponsored threat actor hijacked Notepad++’s software update mechanism and quietly redirected targeted users of the popular source code editor to malicious downloads for nearly six months.
The breach, which lasted between June and December of 2025, stemmed from an infrastructure-level compromise at Notepad++’s hosting provider that allowed the attackers to intercept update traffic destined for the legitimate notepad-plus-plus.org domain and redirect it to attacker-controlled servers that delivered malicious payloads. The compromise of Notepad++’s updates is the latest example of supply chain attacks targeting the software ecosystem, which have increased in recent years.
Compromised Hosting Provider Leads to Hijacked Updates
“The exact technical mechanism remains under investigation, though the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself,” Don Ho, the main maintainer of Notepad++, said in a blog post on Monday. “Traffic from certain targeted users was selectively redirected to attacker-controlled servers that served malicious update manifests.”
Notepad++ is an open source text and source-code editor widely used by developers and programmers. Any compromise of its update mechanism is particularly dangerous because it could allow an attacker to inject malware directly into an organization’s development environment.
The software has been downloaded tens of millions of times since it was first released in 2003 and remains popular among developers, system administrators, and IT professionals. Industry trackers estimate that thousands of organizations — including many large enterprises — use Notepad++ as part of their development workflows. Its continued popularity within the developer community is almost certainly what made it a high-value target for the perpetrators of the attack on Notepad++’s hosting provider.
“Once the updater was hijacked, the threat actor became a part of the trusted execution path for updates,” says Morey Haber, chief security advisor at BeyondTrust. That would have given them the opportunity to drop compromised updates with the same privileges as legitimate software installations and made them capable of bypassing local controls.
“That means reconnaissance, credential harvesting, lateral movement, persistence, or even data exfiltration became feasible inside the target networks based on Notepad++ usage,” Haber says. By manipulating the update mechanism and redirecting traffic to malicious servers, the threat actors bypassed conventional defenses like endpoint security controls and content filters, he notes.
Notepad++ Compromise Linked to Chinese APT
According to Ho, an investigation of the breach showed that an unnamed Chinese state-sponsored group gained access to the third-party server hosting Notepad++’s WinGUp updater sometime in June 2025. Between June and September, the attacker quietly and very selectively redirected traffic from WinGUp to an attacker-controlled server that downloaded malicious executables. The attacker lost their foothold on the third-party hosting provider’s server on Sept. 2, following scheduled maintenance during which the server firmware and kernel were updated.
However, even after losing direct access, the attackers still had valid credentials in their possession, which they used to continue redirecting Notepad++ update traffic to their malicious servers until at least Dec. 2, Ho said. “The attackers specifically targeted the Notepad++ domain with the goal of exploiting insufficient update verification controls that existed in older versions of Notepad++,” he noted.
Following the breach, the Notepad++ project has moved its website to a new hosting provider that offers stronger security protections, Ho said. At the software level, the Notepad++ project has released a new version of WinGUp that now checks whether an update downloads successfully and also whether it is genuinely signed by Notepad++ and delivered using a valid security certificate.
In addition, the update server now digitally signs the update instructions it sends to the client, making it harder for an attacker to alter them in transit. Starting with version 8.9.2, Notepad++ will strictly enforce these checks, meaning the updater will refuse to install anything that fails verification, he said.
Security researcher Kevin Beaumont, who first reported on a handful of compromises involving Notepad++, has attributed the attack to Violet Typhoon, a China-based advanced persistent threat (APT) actor that some track as APT31 and Zirconium. According to Beaumont, the targets of the threat group’s attack via Notepad++’s updater included financial services companies and telecom providers of strategic interest to China.
Rapid7, meanwhile, attributed the supply chain attack to a different China-linked APT called Lotus Blossom. In a blog post on Monday, Rapid7 malware analyst Ivan Feigl described how the threat group deployed a previously undocumented custom backdoor, dubbed “Chrysalis,” via the supply chain attack.
Supply Chain Threats Continue
Even with greater enterprise focus on protecting development environments and software supply chains, threat actors still are finding ways to tamper with applications and updates. “APT31 bypassed every build-pipeline defense the industry deployed after SolarWinds by compromising the hosting provider and selectively poisoning Notepad++ updates to East Asian telecom and financial targets for six months,” says Collin Hogue-Spears, senior director of solution management at Black Duck. The threat actor didn’t touch Notepad++ source code, didn’t compromise the build pipeline, and never broke a single signature.
“They lived inside the hosting provider for six months, filtered update requests by IP range, and hand-delivered Trojanized installers to East Asian telecom and financial targets while millions of other users pulled clean copies,” Hogue-Spears says. “The software supply chain has shifted from a development pipeline to a liability pipeline, and this attack exploited the gap most organizations still don’t instrument: the path between a vendor-signed binary and your endpoint.”
The lesson for organizations from such supply chain attacks is to stop treating updates as trusted just because they come from a legitimate domain. Auto-updaters, Hogue-Spears reminds, are remote code execution pipelines. “Kill direct-to-Internet updates for developer tools; force them through an internal repository that re-validates the vendor’s code-signing certificate and blocks anything not signed by the expected publisher,” he says.
Haber points to other measures organizations can take to reduce exposure to compromise via the software update infrastructure. These include enforcing strict cryptographic verification of updates, including signed manifests and checksums for binaries; ensuring that updates behave as intended; vetting the security practices of hosting and content distributors; and performing regular threat hunting around trusted processes and paths.
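As an added example of the gating Hogue-Spears and Haber describe (not code from the Notepad++ project or its new WinGUp updater), the following PowerShell check is what an internal repository could run on each fetched installer before publishing it to endpoints: the file hash must match a separately verified manifest, the Authenticode signature must be valid, and the signer must be pinned to the expected publisher rather than any trusted signer. The JSON manifest layout, $ExpectedSubjectCN and $ExpectedThumbprint are assumptions and placeholders to be replaced with the publisher's real certificate values.

```powershell
# Added example (not Notepad++ project code): gate an update installer on a
# manifest checksum plus a pinned publisher identity before it may be installed.
# Assumptions: manifest is a constructed JSON file {"file":"...","sha256":"..."};
# $ExpectedSubjectCN / $ExpectedThumbprint are placeholders for the real
# code-signing certificate of the publisher you trust.
param(
    [Parameter(Mandatory)][string]$InstallerPath,
    [Parameter(Mandatory)][string]$ManifestPath,
    [string]$ExpectedSubjectCN  = 'PLACEHOLDER-PUBLISHER-CN',
    [string]$ExpectedThumbprint = 'PLACEHOLDER-CERT-THUMBPRINT'
)

function Test-UpdateInstaller {
    param([string]$Path, [string]$ExpectedSha256, [string]$SubjectCN, [string]$Thumbprint)
    $reasons = @()

    # 1. The checksum from the (separately verified) manifest must match the file.
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.ToUpperInvariant()) {
        $reasons += "sha256 mismatch: manifest=$ExpectedSha256 file=$actual"
    }

    # 2. The Authenticode signature must be present, intact and chain to a trusted root.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        $reasons += "signature status $($sig.Status): $($sig.StatusMessage)"
    } else {
        # 3. A valid signature from *any* publisher is not enough: pin the signer
        #    by subject CN and certificate thumbprint.
        $cert = $sig.SignerCertificate
        $cnPattern = 'CN=' + [regex]::Escape($SubjectCN) + '(,|$)'
        if ($cert.Subject -notmatch $cnPattern) {
            $reasons += "unexpected signer subject: $($cert.Subject)"
        }
        if ($cert.Thumbprint -ne $Thumbprint) {
            $reasons += "unexpected signer thumbprint: $($cert.Thumbprint)"
        }
    }
    return [pscustomobject]@{ Path = $Path; Allowed = ($reasons.Count -eq 0); Reasons = $reasons }
}

$manifest = Get-Content -Raw -Path $ManifestPath | ConvertFrom-Json
$result = Test-UpdateInstaller -Path $InstallerPath -ExpectedSha256 $manifest.sha256 `
    -SubjectCN $ExpectedSubjectCN -Thumbprint $ExpectedThumbprint

if (-not $result.Allowed) {
    Write-Error ("Blocked {0}: {1}" -f $result.Path, ($result.Reasons -join '; '))
    exit 1
}
Write-Output "Allowed $($result.Path): signed by pinned publisher, checksum matches"
```

Pinning a thumbprint means the check will (correctly) fail when the publisher rotates its certificate, so that rotation becomes a deliberate, reviewed change to the repository rather than something the updater silently accepts.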
“Supply chains are now high-stakes attack vectors,” Haber notes, “and insecure infrastructure, regardless of its function, is another potential attack vector.”