Malicious Notepad++ installers push StrongPity malware
Upon executing the Notepad++ installer, the file creates a folder named "Windows Data" under C:ProgramDataMicrosoft, and drops three files.
npp.8.1.7.Installer.x64.exe - the original Notepad++ installation file under C:UsersUsernameAppDataLocalTemp folder.
winpickr.exe - a malicious file under C:WindowsSystem32 folder.
ntuis32.exe - malicious keylogger under C:ProgramDataMicrosoftWindowsData folder
The installation of the code editor continues as expected, and the victim won't see anything out of the ordinary that could raise suspicions. As the setup finishes, a new service named "PickerSrv" is created, establishing the malware's persistence via startup execution.
Featured Resources
blog
The Future of Cloud Security: 7 Key Trends in 2025
There’s no sign of businesses slowing down their cloud adoption and the reasons are clear. Cloud security offers great agility
Solution Brief
Red Teaming
Where Traditional Red Teaming Falls Short Red teams simulate real-world cyberattacks to uncover vulnerabilities and strengthen security before adversaries can
Report
2025 Gartner® Market Guide for Adversarial Exposure Validation
Read insights from Gartner® on adversarial exposure validation. Gartner® predicts that “through 2027, 40% of organizations will have adopted formal