Notepad++ Says Chinese-State Hackers Spent Half a Year Hijacking Its Software Updates

Don Ho, the programmer behind the popular Windows text and source code editor Notepad++, says Chinese government hackers spent half a year hijacking the tool's software updates. The state-sponsored attack targeted not everyone, but specific users in telecommunications and financial sectors with interests in East Asia.

In a blog post published Monday, Ho said the hackers gained access to Hostinger's hosting infrastructure in June 2025. Notepad++'s WinGUp updater's older versions lacked proper checks to ensure the installers they downloaded were secure. When users checked for updates, the compromised server redirected them to malicious files instead of the original Notepad++ releases.

The attackers, likely the Chinese state-sponsored group known as Violet Typhoon or APT31, maintained control of the infrastructure even after losing direct server access in September. They retained credentials to internal services that were never changed, allowing them to continue intercepting update traffic for three more ...