Malicious Notepad++ installers push StrongPity malware

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,732
Content source
https://www.bleepingcomputer.com/news/security/malicious-notepad-plus-plus-installers-push-strongpity-malware/
The sophisticated hacking group known as StrongPity is circulating laced Notepad++ installers that infect targets with malware.

This hacking group, also known as APT-C-41 and Promethium, was previously seen distributing trojanized WinRAR installers in highly-targeted campaigns between 2016 and 2018, so this technique is not new.

The recent lure involves Notepad++, a very popular free text and source code editor for Windows used in a wide range of organizations.

The discovery of the tampered installer comes from a threat analyst known as 'blackorbird' analysts, while Minerva Labs reports on the malware.
Click to expand...
www.bleepingcomputer.com

Malicious Notepad++ installers push StrongPity malware

The sophisticated hacking group known as StrongPity is circulating laced Notepad++ installers that infect targets with malware.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
  • Thanks
Reactions: Berny, struppigel, Deletedmessiah and 9 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 85
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,848
silversurfer said:
www.bleepingcomputer.com

Malicious Notepad++ installers push StrongPity malware

The sophisticated hacking group known as StrongPity is circulating laced Notepad++ installers that infect targets with malware.
www.bleepingcomputer.com www.bleepingcomputer.com
Click to expand...
Stay safe

If you need to use Notepad++, make sure to source an installer from the project's website.

The software is available on numerous other websites, some of which claim to be the official Notepad++ portals but may include adware or other unwanted software.

The URL that was distributing the laced installer has been taken down following its identification by analysts, but the actors could quickly register a new one.

Follow the same precautions with all software tools you're using, no matter how niche they are, as sophisticated actors are particularly interested in specialized software cases that are ideal for watering hole attacks.

In this case, the chances of detection from an AV tool on the system would be roughly 50%, so using up-to-date security tools is essential too.
Click to expand...
 
  • Like
  • Thanks
  • +Reputation
Reactions: Berny, Deletedmessiah, mkoundo and 5 others
mkoundo

mkoundo

Level 8
Verified
Well-known
Jul 21, 2017
358
It's always worth verifying the gpg signature file:

1639135211333.png



The key fingerprint (better to confirm at multiple sources) for Notepad++ is:

Primary key fingerprint: 14BC E436 2749 B2B5 1F8C 7122 6C42 9F1D 8D84 F46E
Click to expand...

Stay safe everyone (y) (y)
 
  • Like
  • +Reputation
Reactions: silversurfer, Kongo, harlan4096 and 1 other person
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users
Replies
0
Views
764
News Archive
silversurfer
silversurfer
Gandalf_The_Grey
    • +Reputation
    • Like
    • Wow
Malware News Google ads push malicious CPU-Z app from fake Windows news site
Replies
0
Views
2,002
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
Security News European govt air-gapped systems breached using custom malware
Replies
1
Views
1,941
Security News
Brahman
Brahman

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top