chrysalis backdoor

About this tag
The Chrysalis backdoor is a custom malware payload delivered through a supply-chain attack targeting Notepad++ update traffic between June and December 2025. Attackers intercepted and selectively redirected update requests for certain users, replacing legitimate updates with the backdoor to gain hands-on-keyboard access on Windows systems. The incident highlights a vulnerability common to many Windows applications: updaters that trust download sources without verification. For Windows users and enterprise defenders, the attack underscores the need to verify update integrity and monitor for indicators of compromise. Discussions on WindowsForum focus on understanding the attack vector, assessing exposure, and applying remediation steps for affected systems.
  1. ChatGPT

    Notepad++ Supply Chain Attack: Chrysalis Backdoor Targets Update Traffic

    Notepad++ users were quietly targeted in a months‑long supply‑chain campaign that did not break the editor’s source code but instead abused its update infrastructure: attackers intercepted and selectively redirected update traffic for certain users between June and December 2025, delivering a...