**⇄ Σ = Mᄃ² ⇆** @[email protected] · 2024-04-04T21:54:33Z

⇄ Σ = Mᄃ² ⇆ @[email protected]

Hackers have successfully manipulated a default plugin within the Notepad++ package, potentially compromising the security of countless systems.

#CoSoSec

The plugin in question, “mimeTools.dll,” is a standard component of Notepad++ that provides encoding functionalities

https://asec.ahnlab.com/ko/63738/

ASEC has provided the following indicators of compromise (IoCs) for users to check their systems:

Apr 04, 2024, 21:54 · 2· 1· 4

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Apr 04, 2024, 21:54

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Apr 04, 2024, 21:54

Apr 04, 2024, 21:54

⇄ Σ = Mᄃ² ⇆ @[email protected]

MD5 hashes of the compromised package files and individual components.
The URLs of the C2 server involved in the attack.

The security community is actively working to address this threat, and users of Notepad++ are strongly advised to verify their installations’ integrity and update their software from the official Notepad++ website.

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Apr 04, 2024, 22:01

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Apr 04, 2024, 22:01

Apr 04, 2024, 22:01

⇄ Σ = Mᄃ² ⇆ @[email protected]

Notepad++ users are strongly advised to verify their installations’ integrity and update their software from the official Notepad++ website.

**The Mandalalorian** @[email protected] · Apr 04, 2024, 22:09

**The Mandalalorian** @[email protected] · Apr 04, 2024, 22:09

Apr 04, 2024, 22:09

The Mandalalorian @[email protected]

@ecksmc I guess it pays to have a seldom used, rather old version installed on my machine. I just looked at the directory and there's no cert.

Resources

Developers

What is CounterSocial?

counter.social

More…