notepad++

The Notepad++ project is seeking the public's help in taking down a copycat website that closely impersonates Notepad++ but is not affiliated with the project.

Although, at the time of writing, the lookalike website takes visitors to the official Notepad++ downloads page, there is some concern that it could pose security threats—for example, if it starts pushing malicious releases or spam someday either deliberately or as a result of a hijack.

"Help us to take down the parasite website"

Notepad++, the free and open-source text and source code editor project has appealed to everyone to help shut down a lookalike website, notepad[.]plus that uses the project's branding, and even manages to rank high in search engine results alongside the official website, notepad-plus-plus.org.

"I’ve received numerous complaints via email, social media, and forums regarding a website that poses a significant threat to our community," writes Don Ho, the original developer of Notepad++.

The site in question notepad[.]plus, according to Ho, comes up prominently in search results when users look up "download Notepad++", as confirmed by BleepingComputer:

Lookalike website appears prominently in search results
The lookalike website appears prominently in search results
(BleepingComputer)

"Some users have mistakenly believed that [it] is the official Notepad++ website. This confusion has led to frustration and potential security risks," states the dev.

The website in question does contain a clear disclaimer at the bottom spelling out that it's "an unofficial fan website" and "not affiliated" with the project.

Notepad++ is a trademark of Don HO. Notepad[.]plus is not affiliated, sponsored or endorsed by Don HO in any ways. This is an unofficial fan website created for general information/educational purpose only. Any context found in this website is our personal opinions and do not purport to reflect the opinions or views of Don HO or its representatives. All other trademarks are the property of their respective owners.

Fan site presently redirects to official releases

It is worth noting the fan site directs visitors to the official Notepad++ releases downloads page hosted on notepad-plus-plus.org.

Despite this, Ho alleges that "this site harbors a hidden agenda" and is "is riddled with malicious advertisements on every page."

Such ads, according to Ho, could deceive unsuspecting Notepad++ users into clicking on links that generate revenue for admins of the unofficial website.

Notepad++ unoffiical fan site
Unofficial Notepad++ fan site (BleepingComputer)

"The true purpose" of, what Ho has called a "parasite website" is, according to him, "to divert traffic away from the legitimate Notepad++ website, notepad-plus-plus.org" which potentially "compromises user safety and undermines the integrity of our community."

BleepingComputer checked both the latest version of the notepad[.]plus website and archived copies from the past.

While the site's home page does contain an area at the top that appears to be purposed for hosting ad banners, we did not find an active ad running in that space or any other promotional links on the website. We did notice multiple educational and how-to blog posts on using Notepad++.

The developer urges everyone to report the website via Google Safebrowsing's "report malicious software" web form.

Such an approach, however, may not be fruitful given that presently no malicious software releases are being pushed by the unofficial site, or anything that warrants it to be classified as blatantly unsafe. Moreover, the aforementioned disclaimer put in place by the website may safeguard it against such accusations.

The Notepad++ logo and branding used by the website, on the other hand, could still fall afoul of trademark rules.

Technology reporter Catalin Cimpanu shared Notepad++'s blog post in a Mastodon thread.

Many community members began reporting the unofficial website, although, one developer echoed that reporting the site for shipping malicious software may be "erroneous."

Mastodon dev reply
A developer disagrees that lookalike site poses risks (Mastodon)

"I genuinely don't understand this. This post is full of very charged language... But I went to the site and I really don’t see anything wrong with it," writes Robby Zambito.

"The download buttons even redirect to this  Notepad++ site; they're not distributing any software themselves. They say this site is "a threat to the community"… but it is the community. It sounds more like a threat to their control over maintenance of the software which just doesn't seem like a big deal to me."

"Sure, they might gain trust and then eventually start shipping malware instead. But so could the people who run the notepad-plus-plus site," states Zambito.

The observation is especially relevant at a time when large-scale open-source projects, such as the XZ utility, had a backdoor injected in it by a developer who gained the trust of official project maintainers but went rogue. Similar stories of "vetted" researchers contributing malicious code to official projects aren't unheard of.

Such cases of wrongdoing are eventually caught, thanks to the numerous sharp-eyed community members who constantly scrutinize the open source ecosystem.

Given the popularity of Notepad++, its users are also frequently targeted with counterfeit trojanized versions by threat actors. As such, consuming open source projects like Notepad++ from their official websites and repositories remains a much safer approach than otherwise.

Related Articles:

CISA: Most critical open source projects not using memory safe code

ONNX phishing service targets Microsoft 365 accounts at financial firms

New phishing toolkit uses PWAs to steal login credentials

Warmcookie Windows backdoor pushed via fake job offers

Researcher hijacks popular Packagist PHP packages to get a job