Alert, Immediately Update Notepad++ Apps To Prevent Malware

The Notepad++ application is threatened with malware (photo: dock. Notepad)

JAKARTA Notepad++ users, popular text editors in Windows, are facing a fairly serious vulnerability. The application is hijacked to spread malware to its users.

This vulnerability lies in the application update framework known as WinGUP. The built-in renewal mechanism does not check file signatures or other security checks when downloading a new version.

This allows network connections to be intercepted and the update download link is replaced with files that can be executed by malicious parties. Thus, malware can be distributed directly through the official update process.

Security analyst Kevin Beaumont, quoted from How to Geek, said he had received information from three organizations that detected malware in the Notepad++ update. This attack is known to have affected the system since two months ago.

In response, Notepad++ released version 8.8.8 last month with initial fixes. This version ensures that updates always use downloads from GitHub which are technically harder to intercept malware.

Tighter security improvements come to the latest version, namely Notepad++ 8.8.9. This version is now equipped with signature checks and additional certificates during the entire renewal process.

In a blog post, the app developer explains that weaknesses in the validation of the integrity of the update file have been identified and fixed. Starting with the release of 8.8.9, the update will be canceled if signature verification and certificate fail.

If you are using Notepad++, it is highly recommended to update to version 8.8.8 or later. You can use an installer from the official GitHub website or repository.