{"id":8997,"date":"2025-07-01T01:45:39","date_gmt":"2025-07-01T01:45:39","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=8997"},"modified":"2025-07-01T01:45:40","modified_gmt":"2025-07-01T01:45:40","slug":"notepad-upgrade-causing-trojanscript-wacatac-bml","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/notepad-upgrade-causing-trojanscript-wacatac-bml","title":{"rendered":"Notepad ++ Upgrade causing ‘Trojan:Script\/Wacatac.B!ml’"},"content":{"rendered":"\n

We had alerts today internally on defender due to a Notepad++ upgrade to 8.2.2. Note pad ++ is no longer able to sign their releases due to not being able to renew an expiring certificate due to changes in certificate authority policies as detailed at https:\/\/notepad-plus-plus.org\/news\/8.8.2-available-in-1-week-without-certificate\/<\/a> and https:\/\/notepad-plus-plus.org\/news\/v882-fix-security-issue\/<\/a><\/p>\n\n\n\n

The current work around is to whitelist the SHA 1 hash as trusted to not block the updates<\/p>\n\n\n\n

179613870a9ffc646b77918701481c8ffdae1c82e06cbc7ea7d42af3d1c9e5e2  npp.8.8.2.Installer.exe<\/p>\n\n\n\n

561a1656f8710cfd39a5dee3ae67b2c18916f792<\/p>\n\n\n\n

which matches the digests (viewed over https) at https:\/\/notepad-plus-plus.org\/downloads\/v8.8.2\/<\/a> and on their github releases page at https:\/\/github.com\/notepad-plus-plus\/notepad-plus-plus\/releases\/tag\/v8.8.2<\/a><\/p>\n\n\n\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

We had alerts today internally on defender due to a Notepad++ upgrade to 8.2.2. Note pad ++ is no longer able to sign their releases due to […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-8997","post","type-post","status-publish","format-standard","hentry","category-research"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t