Notepad++ Users in Brazil Targeted by Chinese Cyberattack

An APT group linked to the Chinese government compromised the update distribution infrastructure of Notepad++, distributing malware to a selected group of users in Brazil and other countries. The attack compromised the automatic update mechanism, silently installing a malicious implant alongside the legitimate software update. The attack was surgical — targeting only specific organizations including government entities, technology companies with government contracts, academic researchers and critical infrastructure companies. Researchers attributed the attack to APT41 (Winnti), operating for both state-sponsored espionage and financial gain. Verify your Notepad++ installation checksums against official values, and implement software integrity verification in corporate environments.