📄 Someone’s Impersonating Notepad++ !

Notepad++ is a very popular text editor. Especially among developers due to the fact you can open multiple documents in tabs, enable syntax highlighting and install plugins.

Unfortunately, like everything that’s popular it seemed to gain some attention among bad actors.

As NeodymiumFerBore reported, someone wanted to trick developers into installing a malicious version of the app.

The method used by bad actor was quite new. First a new domain was set up under noetepad.com, next a Google Ads campaign was set up to navigate people to that fake website.

Since the fake domain looks almost like it was a legimate one, some people may have been tricked into visiting it and installing the fake Notepad++.

The legimate domain of Notepad++ is notepad-plus-plus.org. But because Google Ads rank above legimate websites, it is hard to fight it. Especially when running a free project like Notepad++.

It is also hard to understand how Google with all the systems and resources in place, was unable to reject the ad before it went live.

The problem with such actions is that the landing page can look like a legimate project page. So if you are not aware of the official page URL, you can be tricked into downloading something very different to what…