"Malicious Notepad++ Installers Push StrongPity Malware"

The hacking group known as StrongPity is spreading malware-laced Notepad++ installers. The group, also known as APT-C-41 and Promethium, was previously observed distributing trojanized WinRAR installers between 2016 and 2018 through highly targeted campaigns. Notepad++ is a text and source code editor for Windows used by many different organizations. When the tampered Notepad++ installer is executed, it creates a Windows Data folder and then drops three files, one of which is a keylogger component of the StrongPity malware that records all user keystrokes and saves them to hidden system files in the Windows Data folder. This article continues to discuss observations made from the analysis of the delivery and capabilities of the StrongPity malware and how to avoid installing tampered software.

Bleeping Computer reports "Malicious Notepad++ Installers Push StrongPity Malware"

Submitted by Anonymous on