Beware Fake Notepad++ for Mac Site Can Harm Your Machine

Cybersecurity experts are flagging a deceptive website impersonating Notepad++, the popular Windows-exclusive text editor. This fraudulent site claims to offer an official macOS version, a development that has quickly raised significant security concerns across the technology community.

The site, operating under the domain notepad-plus-plus-mac.org, falsely presents itself as the official release of Notepad++ for Apple devices, misleading thousands of users who simply want a trusted code editor on their Mac.

What makes this situation more dangerous is that the website has already managed to fool reputable tech media outlets, including MacRumors and AlternativeTo, into reporting it as a legitimate product launch.

Notepad++ has been a Windows-exclusive text editor for over two decades, and its creator Don Ho has never released any version for macOS.

The fake site, however, boldly claimed that “Notepad++ is now natively available for macOS” with “no Wine, no emulation” and marketed itself as “a full native port for Apple Silicon and Intel Macs.”

To make things worse, the site even used Don Ho’s name and biography on its author page without any permission, creating a false sense of official endorsement.

Ho personally reached out to the site owner to address the trademark violation, but as of May 5, 2026, he has received no reply.

Analysts at International Cyber Digest were among the first to publicly flag the threat, pointing out that the website uses the Notepad++ trademark and the founder’s identity without authorization.

Their warning reached nearly 40,000 views within hours of being posted, signaling just how widespread the confusion had become.

Readers on X’s community notes also added context, clarifying that the site represents an unofficial community port and is not affiliated with the original Notepad++ development team in any capacity.

The developer behind the site, Andrey Letov, a software engineer from New York, built his application based on the open-source Notepad++ code.

While forking open-source software is generally acceptable, branding an independent fork with the original product’s name, logo, and founder’s identity crosses a clear legal and ethical line.

Don Ho acknowledged in a public statement that he has nothing against open-source forking itself, but the issue is the deliberate use of his name and trademark, which creates direct confusion among end users and the press alike.

In the worst case, as Ho himself warned, a product carrying the Notepad++ name could be used to distribute malware or a backdoor to unsuspecting users.

This incident also arrives against a backdrop of Notepad++ already having faced a serious supply chain attack between June and December 2025, where state-sponsored Chinese hackers from the Lotus Blossom group compromised the official Notepad++ update infrastructure and delivered a malicious backdoor called Chrysalis to targeted users.

That prior incident makes the community especially sensitive to anything mimicking the Notepad++ brand.

How the Fake Site Could Harm You

The core risk with any unofficial software build marketed under a trusted name is that users have no way to verify what is actually packaged inside the installer.

Threat actors routinely use this technique, known as brand impersonation or typosquatting, to serve malware, infostealers, or remote access trojans under the cover of a well-known application.

In past campaigns, security researchers have documented fake Notepad++ sites delivering payloads through DLL sideloading methods, where a malicious library file is placed alongside a legitimate binary to silently execute malicious code on the victim’s machine.

When a user downloads an installer from an unverified source, the machine can become compromised without any visible signs, making detection difficult until significant damage is done.

Users should only download Notepad++ or any software from its official website at notepad-plus-plus.org.

Avoid installing applications from third-party domains, even if they appear professional or receive media coverage. Always verify the publisher and check for digital signatures before running any installer.

If you have already downloaded the Mac version from notepad-plus-plus-mac.org, scan your device with a trusted security tool immediately.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.