Malicious Notepad++ installers push StrongPity malware

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,172
The sophisticated hacking group known as StrongPity is circulating laced Notepad++ installers that infect targets with malware.

This hacking group, also known as APT-C-41 and Promethium, was previously seen distributing trojanized WinRAR installers in highly-targeted campaigns between 2016 and 2018, so this technique is not new.

The recent lure involves Notepad++, a very popular free text and source code editor for Windows used in a wide range of organizations.

The discovery of the tampered installer comes from a threat analyst known as 'blackorbird' analysts, while Minerva Labs reports on the malware.
 

Gandalf_The_Grey

Level 76
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,593
Stay safe

If you need to use Notepad++, make sure to source an installer from the project's website.

The software is available on numerous other websites, some of which claim to be the official Notepad++ portals but may include adware or other unwanted software.

The URL that was distributing the laced installer has been taken down following its identification by analysts, but the actors could quickly register a new one.

Follow the same precautions with all software tools you're using, no matter how niche they are, as sophisticated actors are particularly interested in specialized software cases that are ideal for watering hole attacks.

In this case, the chances of detection from an AV tool on the system would be roughly 50%, so using up-to-date security tools is essential too.
 

mkoundo

Level 8
Verified
Well-known
Jul 21, 2017
358
It's always worth verifying the gpg signature file:

1639135211333.png



The key fingerprint (better to confirm at multiple sources) for Notepad++ is:

Primary key fingerprint: 14BC E436 2749 B2B5 1F8C 7122 6C42 9F1D 8D84 F46E

Stay safe everyone (y) (y)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top