Notepad Users, You May Have Been Hacked by China
Suspected Chinese state-backed hackers hijacked the Notepad++ update infrastructure to deliver a backdoored version of the popular free source code editor and note-taking app for Windows.

Infrastructure delivering updates for Notepad++, a widely used text editor for Windows, was compromised for six months by suspected China-state hackers who used their control to deliver backdoored versions of the app to select targets, developers said Monday.

"I deeply apologize to all users affected by this hijacking," wrote the author of a post published to the official notepad-plus-plus.org site. The post said that the attack began last June with an "infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org." The attackers, whom multiple investigators tied to the Chinese government, then selectively redirected certain targeted users to malicious update servers, where they received backdoored updates.
Malvertising in Google search results delivering stealers
In recent months, we observed an increase in the number of malicious campaigns that use Google Advertising as a means of distributing and delivering malware. At least two different stealers, Rhadamanthys and RedLine, were abusing the search engine promotion plan in order to deliver malicious payloads to victims' machines.

They seem to use the same technique of mimicking a website associated with well-known software such as Notepad and Blender 3D. The threat actors create copies of legitimate software websites while employing typosquatting (registering misspelled variants of popular brand and company names as URLs) or combosquatting (combining popular brand and company names with arbitrary words in URLs) to make the sites look like the real thing to the end user: the domain names allude to the original software or vendor. The design and content of the fake web pages look the same as those of the original ones.