Suspected China-state hackers used update infrastructure to deliver backdoored version.

  • pulsewidth@lemmy.world · 4 upvotes · edited 15 hours ago

    If you’re worried that this may have hit your PC I’d say first of all be aware that this is a state-level backdoor, intended to be persistent and evade detection. You are likely not the target and are very unlikely to find any evidence even if you were targeted, as it is capable of clearing its tracks.

    Actions I’d suggest if you’re still worried this could have hit your PC:

    1. Grab the list of Indicators of compromise from the bottom of this article. Disconnect the PC from the Internet now that you have the list.
    2. Search for any instances of these files locally and SHA-256 hash them if found, and match to the hashes on the list. If you find any matches, your system is compromised.
    3. Check the DNS cache for any hosts mentioned in the indicators, and if you have network traffic logging you could check there also. Indicators are very likely signs of prior/active attack on your PC.
    4. If nothing found, reconnect to the net and continue…
    5. Uninstall Notepad++, or if you want to keep using it, update Notepad++ via a method other than their internal update method. I suggest PowerShell using winget as it's preinstalled in Win10 & 11.
       PS > winget list -q Notepad++
       (will show you available updates)
       PS > winget upgrade -q Notepad++
       (will install the update if available)
    6. (Optional) Disable the Notepad++ internal update mechanism, and use winget or another method moving forward. Settings -> Preferences -> MISC: Auto-updater: Disable.
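An added example, not part of the comment above or of any Notepad++ tooling, that automates steps 2 and 3 of that checklist in PowerShell: it hashes files under the usual Notepad++ install and temp locations with SHA-256, compares them against an indicator list, and checks the local DNS client cache for indicator hostnames. The hashes, file names and hostnames in `$IocHashes`, `$IocFileNames` and `$IocHosts` are placeholders (the article's real IoC list is not reproduced here), and the search roots are an assumption about where a Notepad++ install normally lives; `Get-FileHash` and `Get-DnsClientCache` are standard cmdlets on Windows 8 / Server 2012 and later.

```powershell
# Added example (not from the original comment). The values below are PLACEHOLDERS;
# replace them with the real indicators from the article's IoC list before running.
$IocHashes    = @('0000000000000000000000000000000000000000000000000000000000000000')  # placeholder SHA-256
$IocFileNames = @('placeholder-file.exe', 'placeholder-update.dll')                   # placeholder names
$IocHosts     = @('placeholder.example.invalid')                                       # placeholder domains

# Assumed locations worth checking: Notepad++ install folders plus the user's temp area.
$SearchRoots = @(
    "$env:ProgramFiles\Notepad++",
    "${env:ProgramFiles(x86)}\Notepad++",
    "$env:LOCALAPPDATA\Notepad++",
    $env:TEMP
) | Where-Object { Test-Path $_ }

Write-Host "== Step 2: file name and SHA-256 matches =="
$hashHits = foreach ($root in $SearchRoots) {
    Get-ChildItem -Path $root -Recurse -File -ErrorAction SilentlyContinue |
        # Hash executables/libraries and anything whose name is on the indicator list.
        Where-Object { ($IocFileNames -contains $_.Name) -or ($_.Extension -in @('.exe', '.dll')) } |
        ForEach-Object {
            $h = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash   # uppercase hex
            if ($IocHashes -contains $h) {
                [pscustomobject]@{ Path = $_.FullName; SHA256 = $h; Reason = 'hash match' }
            } elseif ($IocFileNames -contains $_.Name) {
                # Same name but different hash: worth a look, but not a confirmed match.
                [pscustomobject]@{ Path = $_.FullName; SHA256 = $h; Reason = 'name match (verify hash)' }
            }
        }
}
if ($hashHits) { $hashHits | Format-Table -AutoSize } else { Write-Host "No file indicators found." }

Write-Host "== Step 3: DNS client cache =="
# Any cached record whose entry contains an indicator hostname is reported.
$dnsHits = Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $entry = $_; $IocHosts | Where-Object { $entry.Entry -like "*$_*" } }
if ($dnsHits) {
    $dnsHits | Select-Object Entry, Data, TimeToLive | Format-Table -AutoSize
} else {
    Write-Host "No indicator hostnames in the DNS cache."
}
```

Run it from an elevated PowerShell prompt after disconnecting from the network, as the comment suggests, so that nothing new lands in the cache or on disk while you look. A "hash match" line is the confirmation the comment describes; a "name match" line only tells you a similarly named file exists and its hash should be compared by hand.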