Malicious Notepad++ installers push StrongPity malware

Content source
https://www.bleepingcomputer.com/news/security/malicious-notepad-plus-plus-installers-push-strongpity-malware/
silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
8,696
The sophisticated hacking group known as StrongPity is circulating laced Notepad++ installers that infect targets with malware.

This hacking group, also known as APT-C-41 and Promethium, was previously seen distributing trojanized WinRAR installers in highly-targeted campaigns between 2016 and 2018, so this technique is not new.

The recent lure involves Notepad++, a very popular free text and source code editor for Windows used in a wide range of organizations.

The discovery of the tampered installer comes from a threat analyst known as 'blackorbird' analysts, while Minerva Labs reports on the malware.
Click to expand...
www.bleepingcomputer.com

Malicious Notepad++ installers push StrongPity malware

The sophisticated hacking group known as StrongPity is circulating laced Notepad++ installers that infect targets with malware.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
  • Thanks
Reactions: Berny, struppigel, Deletedmessiah and 9 others
Gandalf_The_Grey

Gandalf_The_Grey

Level 68
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,787
silversurfer said:
www.bleepingcomputer.com

Malicious Notepad++ installers push StrongPity malware

The sophisticated hacking group known as StrongPity is circulating laced Notepad++ installers that infect targets with malware.
www.bleepingcomputer.com www.bleepingcomputer.com
Click to expand...
Stay safe

If you need to use Notepad++, make sure to source an installer from the project's website.

The software is available on numerous other websites, some of which claim to be the official Notepad++ portals but may include adware or other unwanted software.

The URL that was distributing the laced installer has been taken down following its identification by analysts, but the actors could quickly register a new one.

Follow the same precautions with all software tools you're using, no matter how niche they are, as sophisticated actors are particularly interested in specialized software cases that are ideal for watering hole attacks.

In this case, the chances of detection from an AV tool on the system would be roughly 50%, so using up-to-date security tools is essential too.
Click to expand...
 
  • Like
  • Thanks
  • +Reputation
Reactions: Berny, Deletedmessiah, mkoundo and 5 others
mkoundo

mkoundo

Level 8
Verified
Well-known
Jul 21, 2017
366
It's always worth verifying the gpg signature file:

1639135211333.png



The key fingerprint (better to confirm at multiple sources) for Notepad++ is:

Primary key fingerprint: 14BC E436 2749 B2B5 1F8C 7122 6C42 9F1D 8D84 F46E
Click to expand...

Stay safe everyone (y) (y)
 
  • Like
  • +Reputation
Reactions: silversurfer, Kongo, harlan4096 and 1 other person
You must log in or register to reply here.

Similar threads

silversurfer
    • Like
    • +Reputation
Malware News StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users
Replies
0
Views
204
Security News
silversurfer
silversurfer
silversurfer
    • Like
    • +Reputation
Zebra2104 Initial Access Broker Supports Rival Malware Gangs, APTs
Replies
0
Views
624
News Archive
silversurfer
silversurfer
silversurfer
    • +Reputation
    • Like
Malware News Hackers use fake ChatGPT apps to push Windows, Android malware
Replies
0
Views
210
Security News
silversurfer
silversurfer

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top