I had to check…
https://github.com/notepad-plus-plus/notepad-plus-plus/releases/tag/v7.3.3
O_o
Edit:
Yeah, it was real! Back in 2017.
https://notepad-plus-plus.org/news/v733-fix-cia-hacking-npp-issue/
Checking the certificate of DLL makes it harder to hack. Note that once users’ PCs are compromised, the hackers can do anything on the PCs. This solution only prevents from Notepad++ loading a CIA homemade DLL. It doesn’t prevent your original notepad++.exe from being replaced by modified notepad++.exe while the CIA is controlling your PC.
im sorry what?
Wait, what?
More info here: https://notepad-plus-plus.org/downloads/v7.3.3/
I still don’t really understand what happened.
One of the DLLs Notepad++ uses was compromised/customized by the CIA. Any apps that then use that DLL essentially allowed it to start up and do data collection in the background. The users were unaware it was happening, because all they saw running was Notepad++ rather than random_program.exe
Though the developer could not get it to do that in his own testing