CyberNews Briefs

Notepad++ Plugins Allow Attackers to Infiltrate Systems, Achieve Persistence

Security firm Cybereason has suggested that threat actors could exploit Notepad++ plugins to get around security mechanisms and achieve persistence on a victim's machine. A security researcher known as RastaMouse provided a demonstration showing how a malicious plugin could be used as a persistence mechanism. Cybereason released an advisory pertaining to the vulnerability on Wednesday. This is not the first time that advanced persistent threat groups have used Notepad++ plugins to conduct attacks and other nefarious activity.

In particular, the APT group StrongPity has been known to leverage a legitimate installer for Notepad++ alongside malicious executables. The combination of these two techniques allows the attackers to persist on a machine after reboot. In addition, it enables the attackers to install a keylogger on the machine and steal passwords and other information. Cybereason analyzed the plugin loading mechanism based on these prior attacks. The security firm stated that companies should monitor for unusual processes of Notepad++ and pay particular attention to shell product types to mitigate the risks posed by this vulnerability.
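One way to act on that monitoring advice, as an added example that is not from Cybereason's advisory: the sketch below walks process-creation records and flags any shell that has notepad++.exe anywhere in its ancestry, not only as its direct parent. It assumes Sysmon-style process-creation fields (`Image`, `ProcessGuid`, `ParentImage`, `ParentProcessGuid`); the shell list, the `helper.exe` name and the sample events are constructed for illustration.

```python
import ntpath

# Assumption: executables treated as shells; tune the set for your environment.
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}
WATCHED = "notepad++.exe"

def _name(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path or "").lower()

def find_shell_descendants(events):
    """Return one finding per shell process that has notepad++.exe in its ancestry."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    findings = []
    for e in events:
        if _name(e["Image"]) not in SHELLS:
            continue
        image, guid, depth, seen = e["ParentImage"], e["ParentProcessGuid"], 1, set()
        while True:
            if _name(image) == WATCHED:
                findings.append({"ProcessGuid": e["ProcessGuid"],
                                 "Image": e["Image"], "depth": depth})
                break
            parent = by_guid.get(guid)
            if parent is None or guid in seen:  # ancestor not logged, or a GUID loop
                break
            seen.add(guid)
            image, guid, depth = parent["ParentImage"], parent["ParentProcessGuid"], depth + 1
    return findings

def _ev(guid, image, pguid, pimage):
    """Build one constructed process-creation record."""
    return {"ProcessGuid": guid, "Image": image,
            "ParentProcessGuid": pguid, "ParentImage": pimage}

NPP = r"C:\Program Files\Notepad++\notepad++.exe"
HELPER = r"C:\Users\demo\AppData\Local\Temp\helper.exe"  # hypothetical intermediate process
# Constructed sample events (not from the advisory); GUIDs are shortened placeholders.
SAMPLE_EVENTS = [
    _ev("N1", NPP, "E1", r"C:\Windows\explorer.exe"),
    _ev("C1", r"C:\Windows\System32\cmd.exe", "N1", NPP),
    _ev("H1", HELPER, "N1", NPP),
    _ev("P1", r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.EXE", "H1", HELPER),
    _ev("C2", r"C:\Windows\System32\cmd.exe", "E1", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for finding in find_shell_descendants(SAMPLE_EVENTS):
        print(finding)
```

The `depth` value separates a shell started directly by the editor (1) from one reached through an intermediate process (2 or more), which a parent-only rule would miss.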

OODA Analyst