A rogue website, notepad-plus-plus-mac.org, has been fraudulently impersonating the official Notepad++ project by offering an unauthorized macOS port under the stolen brand name, prompting Notepad++ creator Don Ho to issue a public trademark infringement notice and initiate legal action.
On May 1, 2026, Notepad++ creator Don Ho published an urgent security and trademark violation notice on the official Notepad++ website, warning users about a deceptive third-party website notepad-plus-plus-mac.org that has been presenting itself as the official home of a macOS version of the legendary Windows text editor.
The site, built and operated by New York-based software engineer Andrey Letov, was designed to mimic the branding, visual identity, and credibility of the genuine Notepad++ project, even listing Don Ho’s name and biography as a co-author to fabricate legitimacy.
Ho’s statement was unequivocal: “This site has absolutely nothing to do with Notepad++. It’s not authorized, not endorsed, and not affiliated with the project in any way.” The fraudulent branding has already deceived a significant portion of the developer community, including several tech media outlets, into believing this was an official, long-awaited macOS release.
Impersonation Tactics To Fool Users
The level of deception employed by notepad-plus-plus-mac.org went beyond a simple domain name clone. According to Don Ho’s official announcement and subsequent coverage, the operator:
- Used the Notepad++ trademark (name and logo) without permission on all site pages, download pages, and marketing materials
- Listed Don Ho’s name and biography on the site’s “Author” page to fabricate the appearance of official endorsement
- Falsely attributed a vibecoded AI plugin called “NppAIAssistant” to Don Ho on the plugins page, a plugin Ho never created
- Choose a domain name (
notepad-plus-plus-mac.org) that closely mimics the official domain (notepad-plus-plus.org), a classic typosquatting and brand impersonation tactic used in phishing and social engineering campaigns - Promoted the site across Reddit, Twitter, Discord, and tech blogs, leading mainstream media coverage that initially reported the release as genuine
The macOS port itself is written in Objective-C++ on top of Scintilla and Cocoa, and while forking an open-source GPL-licensed project is technically permitted, using the trademarked Notepad++ name without authorization is not.
As one Hacker News commenter noted, “An org name like notepad-plus-plus-mac (vs. the real notepad-plus-plus) is exactly how malicious forks impersonate official projects.”
Fake Notepad++ Security Risks
While the immediate issue is one of trademark infringement, cybersecurity professionals have flagged this incident as a significant software supply chain risk. Don Ho himself warned that in a worst-case scenario, any product carrying the Notepad++ name could be weaponized to distribute malware or a backdoor to unsuspecting users who trust the brand.
This concern is not hypothetical. As recently as February 2026, state-sponsored attackers successfully hijacked Notepad++’s official update mechanism through an infrastructure-level compromise at the hosting provider level, redirecting update traffic to malicious servers for months.
That attack, which occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself, allowed malicious actors to intercept update traffic destined for notepad-plus-plus.org from as early as June 2025 through December 2025.
This established precedent makes impersonation of the Notepad++ brand an especially high-risk threat vector; users conditioned to trust the name are prime targets for credential theft, infostealer deployment, and drive-by downloads.
Security researchers have also flagged that fake software portals mimicking developer tools often serve as delivery vehicles for macOS-targeting infostealers, such as MacSync, and for ClickFix-style social engineering lures.
Don Ho moved swiftly once alerted by vigilant community members. He directly contacted the site owner, Andrey Letov, and posted a detailed disclosure on GitHub (Issue #17982), demanding immediate takedown and cessation of trademark use.
When Letov offered to transition the branding “in a couple of weeks,” Ho rejected the delay outright: “I cannot authorize a ‘week or two’ of continued trademark infringement.”
Ho has since reported the matter to Cloudflare for trademark infringement and has stated he will take “the necessary legal steps to protect the trademark”. Despite a banner on the infringing site claiming that Letov is working with Don Ho on rebranding, Ho categorically denied any such collaboration: “I’m not working with Andrey Letov on any rebranding.”
This is not the first time Notepad++ has faced brand abuse. In 2024, an unrelated copycat site at notepad.plus was found to be exploiting the Notepad++ brand to generate ad revenue and mislead users, prompting a similar public warning from Ho.
Mitigation
To protect yourself and your organization from this and similar trademark impersonation attacks:
- Always download Notepad++ exclusively from the official website:
notepad-plus-plus.org - Verify digital signatures and checksums of any downloaded executable before running it in a development or production environment
- Notepad++ has never released a macOS version any site or post claiming otherwise is spreading misinformation
- If you encounter posts on Reddit, Twitter, Mastodon, Discord, StackOverflow, or tech forums promoting the fake site, respond with: “This is not an official Notepad++ release. It is an unauthorized project misusing the Notepad++ trademark.” and link to the official announcement at
notepad-plus-plus.org/news/npp-trademark-infringement/ - Security teams should add
notepad-plus-plus-mac.orgto web filtering blocklists as a precautionary measure against potential future malware distribution
FAQ
Q1: Is notepad-plus-plus-mac.org the official Notepad++ website for macOS?
No, it is an unauthorized third-party site using the Notepad++ trademark without permission; the official project has never released a macOS version.
Q2: Is it illegal to fork Notepad++ for macOS?
Forking the GPL-licensed code is permitted, but using the trademarked “Notepad++” name and logo without authorization constitutes trademark infringement.
Q3: Could downloading from fake Notepad++ sites expose my system to malware?
Yes, Don Ho explicitly warned that an unauthorized product carrying the Notepad++ name could distribute malware or a backdoor to unsuspecting users.
Q4: What action is Don Ho taking against the fake site?
Don Ho has contacted the site owner, reported the infringement to Cloudflare, and announced he will pursue legal action to protect the Notepad++ trademark.
Site: thecybrdef.com
For more insights and updates, follow us on Google News, Twitter, and LinkedIn.
About the Author
