Show HN: NoteBAD++, a PowerShell tool to detect Notepad++ supply chain compromise
2 points by maremmano 4 hours ago | discuss
Following Kaspersky's disclosure of the Notepad++ supply chain attack (June–Dec 2025), I (and a lot of Claude) built a PowerShell-based IOC scanner to help identify affected systems.

The attack exploited GUP.exe (the auto-updater) to deliver Cobalt Strike/Chrysalis backdoors. While highly targeted (~12 machines globally, mostly gov/finance in APAC), many admins want to verify their systems are clean.

NoteBad++ runs 22 checks: SHA-1/SHA-256 hash verification against known IOCs, registry persistence, malicious services, scheduled tasks, DNS cache, network connections to C2 IPs, event logs, and more.

Requires Admin privileges.

Returns exit code = number of findings (useful for automation).

GitHub: https://github.com/maremmano/notebadpp

If you're running Notepad++ < v8.8.9, I'd recommend updating regardless.
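
The hash check and the exit-code convention described in the post, sketched as an added PowerShell example (not NoteBAD++'s own code). The function name, the GUP.exe paths and the IOC set are assumptions; the only "IOC" used is the hash of a temp file constructed for the demo, so real values must come from the published advisory.

```powershell
# Added example, not NoteBAD++ code. Get-IocHashFindings is a hypothetical helper.
function Get-IocHashFindings {
    param(
        [Parameter(Mandatory)] [string[]] $Path,       # files to check
        [Parameter(Mandatory)] [string[]] $IocHashes   # known-bad SHA-1 / SHA-256 hex strings
    )
    # Case-insensitive set: feeds publish hex in either case, Get-FileHash returns upper case.
    $bad = [System.Collections.Generic.HashSet[string]]::new(
        [string[]]$IocHashes, [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($p in $Path) {
        # A missing file is not a finding; the product may simply not be installed there.
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { continue }
        foreach ($alg in 'SHA1', 'SHA256') {
            $h = (Get-FileHash -LiteralPath $p -Algorithm $alg -ErrorAction Stop).Hash
            if ($bad.Contains($h)) {
                [pscustomobject]@{ Path = $p; Algorithm = $alg; Hash = $h }
            }
        }
    }
}

# Constructed demo input: a temp file stands in for a flagged binary,
# and its own SHA-256 is used as the single "IOC".
$sample = Join-Path $env:TEMP 'constructed-sample.bin'
Set-Content -LiteralPath $sample -Value 'constructed test content' -Encoding Ascii
$iocs = @((Get-FileHash -LiteralPath $sample -Algorithm SHA256).Hash.ToLower())

$targets = @(
    $sample
    "$env:ProgramFiles\Notepad++\updater\GUP.exe"         # assumed default install path
    "${env:ProgramFiles(x86)}\Notepad++\updater\GUP.exe"  # assumed default install path
)

# @() keeps .Count reliable when zero or one object comes back.
$found = @(Get-IocHashFindings -Path $targets -IocHashes $iocs)
$found | Format-Table -AutoSize
Remove-Item -LiteralPath $sample

# Run as a script: exit code = number of findings, so 0 means clean to a scheduler or RMM job.
exit $found.Count
```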