ElektraEmber
The AhnLab Security Intelligence Center (ASEC) has detected a sophisticated cyberattack targeting users of the popular text and code editor, Notepad++. Hackers manipulated a default plugin within Notepad++, "mimeTools.dll," potentially compromising numerous systems. This exploit, known as DLL Hijacking, allows attackers to execute hidden malware upon launching Notepad++. The malware, embedded within the altered plugin, includes encrypted shellcode and communicates with a command and control (C2) server. The server, initially disguised as a Wiki site, can facilitate further malicious activities. Although the current payload is empty, the threat remains as attackers can update it anytime. ASEC advises users to download software from official sources, conduct system scans, and stay informed about cybersecurity threats. They also provide indicators of compromise (IoCs) for users to check their systems.
Reference Link: Hackers Hijacked Notepad Plugin to Execute Malicious Code