“Totally Unexpected” Package Malware Using Modified Notepad++ Plug-in (WikiLoader)

AhnLab SEcurity intelligence Center (ASEC) has recently identified the distribution of a modified version of “mimeTools.dll”, a default Notepad++ plug-in. The malicious mimeTools.dll file in question was included in the package installation file of a certain version of the Notepad++ package and disguised as a legitimate package file. As shown in the image below, mimeTools is a module for conducting Base64 encoding and other tasks. It is included by default and does not require the user to add it manually. …

ahnlab asec center default disguised distribution dll dll file file installation intelligence malicious malware malware analysis mimetools.dll notepad package question security security intelligence version wikiloader