Proxyware Disguised as Notepad++ Tool
Malware

Proxyware Disguised as Notepad++ Tool

AhnLab SEcurity intelligence Center(ASEC) is monitoring Proxyjacking attacks and continuously disclosing distribution cases and IoCs identified in South Korea. The threat actor Larva‑25012, known for deploying Proxyware, has recently begun using malware disguised as a Notepad++ installer. In addition, the attacker is actively changing techniques to evade detection—such as injecting

  • Jan 19 2026