Fake Notepad++ for Mac Site Installs Malware
Key Takeaways A deceptive website, notepad-plus-plus-mac.org, is impersonating the popular Windows-exclusive text editor Notepad++ by offering a fake macOS version. The site falsely claims to be an...
Key Takeaways
- A deceptive website, notepad-plus-plus-mac.org, is impersonating the popular Windows-exclusive text editor Notepad++ by offering a fake macOS version.
- The site falsely claims to be an official port, utilizing the Notepad++ trademark and its founder Don Ho’s identity without authorization, and has misled several tech media outlets.
- While the developer behind the unofficial Mac port used open-source code, the branding creates significant confusion and poses a risk of malware distribution, especially given Notepad++’s recent history with supply chain attacks.
Deceptive Notepad++ for Mac Site Raises Malware Concerns
Cybersecurity experts are issuing urgent warnings regarding a fraudulent website that is masquerading as the official macOS release of Notepad++, the widely recognized text editor traditionally exclusive to Windows. This deceptive operation has ignited considerable security anxieties across the technology landscape.
Table Of Content
Operating under the domain notepad-plus-plus-mac.org, the site misleadingly presents itself as a legitimate port of Notepad++ for Apple devices. This ruse has unfortunately duped numerous users seeking a reliable code editor for their Mac systems.
Media Outlets Misled by Impersonation
Compounding the severity of the situation, the fraudulent website successfully deceived reputable technology news sources, including MacRumors and AlternativeTo, into reporting the fake release as an authentic product launch.
For over two decades, Notepad++ has remained a Windows-only text editor, with its creator, Don Ho, consistently refraining from developing a macOS version.
Despite this established fact, the imposter site boldly asserted that “Notepad++ is now natively available for macOS” with “no Wine, no emulation,” marketing itself as “a full native port for Apple Silicon and Intel Macs.”
Further exacerbating the deception, the site appropriated Don Ho’s name and biographical information on its author page without permission, fabricating an impression of official endorsement.
Ho personally attempted to contact the site’s owner regarding the trademark infringement but, as of May 5, 2026, had not received any response.
Security Researchers Flag the Threat
Analysts at International Cyber Digest were among the first to publicly identify and warn about this threat. They highlighted the unauthorized use of the Notepad++ trademark and the founder’s identity, with their warning garnering nearly 40,000 views within hours, underscoring the widespread confusion caused by the fake site.
Community notes on X (formerly Twitter) further clarified that the site hosts an unofficial community port and possesses no affiliation with the original Notepad++ development team.
Ethical and Legal Violations
The developer behind the site, Andrey Letov, a New York-based software engineer, constructed his application using the open-source Notepad++ code. While forking open-source software is generally permissible, branding an independent fork with the original product’s name, logo, and founder’s identity constitutes a clear violation of both legal and ethical standards.
Don Ho issued a public statement acknowledging that he has no objections to open-source forking itself. However, he emphasized that the core issue is the deliberate exploitation of his name and trademark, which directly misleads end-users and the press.
Ho also cautioned that, in a worst-case scenario, a product bearing the Notepad++ name could be exploited to distribute malware or a backdoor to unsuspecting users.
This incident is particularly sensitive given that Notepad++ recently endured a significant supply chain attack between June and December 2025. During that period, state-sponsored Chinese hackers from the Lotus Blossom group compromised the official Notepad++ update infrastructure, deploying a malicious backdoor known as Chrysalis to targeted users. This prior event has heightened the community’s vigilance toward any entity mimicking the Notepad++ brand.
How the Fake Site Could Harm You
The primary danger associated with any unofficial software build marketed under a trusted name lies in the user’s inability to verify the contents of the installer package. Threat actors frequently employ this tactic, known as brand impersonation or typosquatting, to deliver malware, information stealers, or remote access trojans disguised as legitimate applications.
Previous campaigns have seen security researchers document fake Notepad++ sites distributing payloads through DLL sideloading. This method involves placing a malicious library file alongside a legitimate binary to silently execute harmful code on the victim’s machine.
When users download an installer from an unverified source, their device can become compromised without any immediate visible indications, making detection challenging until significant damage has occurred.
What You Should Do
- Only download Notepad++ or any other software from its official website, notepad-plus-plus.org.
- Avoid installing applications from third-party domains, regardless of their professional appearance or media coverage.
- Always verify the software publisher and check for digital signatures before running any installer.
- If you have already downloaded the Mac version from notepad-plus-plus-mac.org, immediately scan your device with a trusted security tool.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.