Fake Notepad++ for Mac site raises security and trademark concerns

A website promoting a native Notepad++ version for macOS has triggered a public warning from Notepad++ creator Don Ho. The issue is not that someone tried to port the open-source editor to Mac, but that the project used the Notepad++ name, branding, and Ho’s identity in a way that made it look official.

Notepad++ remains a Windows-focused editor, and the original project has not released an official macOS version. Users searching for “Notepad++ for Mac” should treat lookalike websites with caution and avoid assuming that a polished download page means the software comes from the official Notepad++ team.

The site at the center of the dispute used the domain notepad-plus-plus-mac.org and presented the project as a native Mac port. It later moved toward the name Nextpad++ for macOS, but the dispute shows how easily trusted software brands can become confusing download traps.

What happened

Don Ho objected after an unofficial macOS port used Notepad++ branding, the familiar logo style, and biographical references to him. He said the presentation created confusion and could lead users to believe the app had his approval.

The developer behind the port, Andrey Letov, built the project from the Notepad++ codebase. Since Notepad++ uses the GPL license, forking and modifying the code is allowed. The problem starts when a fork uses the original product name, logo, or creator identity without permission.

The Register reported that Ho asked Letov to change the product name and logo and remove any suggestion that Ho or the official Notepad++ team had endorsed the project. Ho also filed a trademark complaint with Cloudflare and warned that the brand misuse could create a security risk for users.

Why this is risky for Mac users

The biggest danger is trust. When a website looks official, users may download and install software without checking who built it, who signs it, or who maintains it.

That matters because fake software sites often use familiar names to spread unwanted apps, infostealers, adware, or remote access tools. Even when a specific app does not contain confirmed malware, misleading branding still weakens user safety because it hides the real source of the download.

Ho warned that a project carrying the Notepad++ name could damage the original editor’s reputation if it later shipped malware, a backdoor, or serious security flaws. Users would likely blame Notepad++, even if the official project had no control over the Mac port.

Key facts at a glance

Item	Details
Project involved	An unofficial macOS port of Notepad++
Domain reported	notepad-plus-plus-mac.org
Developer named in reports	Andrey Letov
Main complaint	Use of Notepad++ name, logo, and Don Ho’s identity
Legal issue	GPL code can be forked, but trademarks and branding cannot be reused freely
Security concern	Users may trust and install unofficial software that looks official
Current branding direction	The project is being presented as Nextpad++ for macOS

Open source does not mean official

This case also highlights a common misunderstanding around open-source software. A GPL license lets developers study, modify, and redistribute code under the license terms. It does not automatically grant permission to reuse a project’s trademark, logo, website style, or founder identity.

That distinction protects users as much as it protects developers. Clear branding helps people know whether they are downloading the original app, a fork, a wrapper, or a completely separate project.

❗️ There is a fake "Notepad++ for Mac" website making the rounds, and it has already fooled tech media into reporting it as an official release.

🔴 Notepad++ has never released a macOS version
🔴 Site uses the trademark + the founder's name and bio without permission
🔴 Founder… pic.twitter.com/BEzdcG0onc

— International Cyber Digest (@IntCyberDigest) May 4, 2026

When a fork presents itself too closely to the original, users lose that context. They may also miss important differences in update delivery, security review, code signing, plugin support, and long-term maintenance.

The timing makes the warning more serious

The Notepad++ community has already dealt with a major supply-chain incident. Earlier this year, Notepad++ disclosed that attackers had hijacked parts of its update infrastructure in a targeted campaign that began in 2025.

Security researchers linked that campaign to Lotus Blossom, a Chinese-linked espionage group. Reports said attackers redirected selected update traffic and delivered malware, including the Chrysalis backdoor, to specific victims.

That earlier incident did not come from the Notepad++ source code itself. It came from the update delivery chain. This is why download trust, official domains, and clear branding now matter even more for Notepad++ users.

How to stay safe

• Download Notepad++ only from the official Notepad++ website.
• Treat “Notepad++ for Mac” websites as unofficial unless the official project confirms them.
• Check the developer name and code-signing details before installing any Mac app.
• Avoid installers from domains that imitate famous software projects.
• Scan any downloaded installer with a trusted security tool before opening it.
• If you installed the unofficial Mac port, remove it if you do not trust its source.
• Use well-known Mac text editors if you need a native macOS alternative.

What to use instead on macOS

Mac users who need a code editor do not have to rely on an unofficial Notepad++ clone. Visual Studio Code, BBEdit, Sublime Text, CotEditor, and Nova all offer native macOS options for writing and editing code.

Users who specifically want Notepad++ can still run it through compatibility tools, but that comes with trade-offs. A native Mac app may feel better, yet it should still come from a clearly named and properly maintained project.

The safer approach is simple. Do not install software just because it uses a trusted name. Check the source first, then decide whether the developer and download path deserve that trust.

FAQ