Malicious Notepad++ installers push StrongPity malware

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Forum Veteran
Aug 17, 2014
12,731
123,854
8,399
Content source
https://www.bleepingcomputer.com/news/security/malicious-notepad-plus-plus-installers-push-strongpity-malware/
The sophisticated hacking group known as StrongPity is circulating laced Notepad++ installers that infect targets with malware.

This hacking group, also known as APT-C-41 and Promethium, was previously seen distributing trojanized WinRAR installers in highly-targeted campaigns between 2016 and 2018, so this technique is not new.

The recent lure involves Notepad++, a very popular free text and source code editor for Windows used in a wide range of organizations.

The discovery of the tampered installer comes from a threat analyst known as 'blackorbird' analysts, while Minerva Labs reports on the malware.
Click to expand...
www.bleepingcomputer.com

Malicious Notepad++ installers push StrongPity malware

The sophisticated hacking group known as StrongPity is circulating laced Notepad++ installers that infect targets with malware.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
  • Thanks
Reactions: Berny, struppigel, Deletedmessiah and 9 others
silversurfer said:
www.bleepingcomputer.com

Malicious Notepad++ installers push StrongPity malware

The sophisticated hacking group known as StrongPity is circulating laced Notepad++ installers that infect targets with malware.
www.bleepingcomputer.com www.bleepingcomputer.com
Click to expand...
Stay safe

If you need to use Notepad++, make sure to source an installer from the project's website.

The software is available on numerous other websites, some of which claim to be the official Notepad++ portals but may include adware or other unwanted software.

The URL that was distributing the laced installer has been taken down following its identification by analysts, but the actors could quickly register a new one.

Follow the same precautions with all software tools you're using, no matter how niche they are, as sophisticated actors are particularly interested in specialized software cases that are ideal for watering hole attacks.

In this case, the chances of detection from an AV tool on the system would be roughly 50%, so using up-to-date security tools is essential too.
Click to expand...
 
  • Like
  • Thanks
  • +Reputation
Reactions: Berny, Deletedmessiah, mkoundo and 5 others
It's always worth verifying the gpg signature file:

1639135211333.png



The key fingerprint (better to confirm at multiple sources) for Notepad++ is:

Primary key fingerprint: 14BC E436 2749 B2B5 1F8C 7122 6C42 9F1D 8D84 F46E
Click to expand...

Stay safe everyone (y) (y)
 
  • Like
  • +Reputation
Reactions: silversurfer, Kongo, harlan4096 and 1 other person
You must log in or register to reply here.

You may also like...