PC World BusinessThis is not a drill! The makers of the popular text editor Notepad++ are warning that the Notepad++ updater, which goes by the name WinGUp, links to malware servers.
This is a case of traffic hijacking. Hackers occasionally redirected WinGUp traffic to malicious servers, which then led to the download of infected executable files on users’ computers. The Notepad++ developers then actually found a vulnerability in the “way the updater checks the integrity and authenticity of the downloaded update file. If an attacker is able to intercept network traffic between the updater client and the Notepad++ update infrastructure, they can exploit this vulnerability to cause the updater to download and execute an unwanted binary (instead of the legitimate Notepad++ update binary).”
Background info
CBS News
Rolling Stone
AlterNet
NFL Cleveland Browns
OK Magazine
Blaze Media
The Daily Beast
Raw Story