• pdxfed@lemmy.world
      3 months ago

      “The exact technical mechanism remains under investigation, though the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself. Traffic from certain targeted users was selectively redirected to attacker-controlled served malicious update manifests.”

      Fuckall they could really have done about it other than changing host providers, which they mentioned they already have as a result.

      • someone@lemmy.today
        3 months ago

        that’s a brutal hack. so they hacked the hosting update server, made it monitor incoming IPs, and then selectively uploaded a compromised backdoor update based on IP only to certain computers so it would go undetected longer?

        it’s awful, but technically impressive that someone could remotely hack the server like that and set up such a complex system to target IPs… unless it was a state actor that compelled the server company to provide local access, in which case it’s less impressive.