EmEditor Under Siege: Infostealer Malware Hits in Supply Chain Attack!

EmEditor users, watch out! A supply chain attack turned the ‘download now’ button into a ‘malware now’ button. If you clicked between December 19 and 22, consider your data compromised. Infostealer malware disguised as a legitimate installer is the culprit, targeting your system info, VPNs, and even your Facebook ad accounts. Stay vigilant!

3P
Published: December 29, 2025 11:26 amAdded: December 29, 2025 at 3:43 amAssembled by: The Editor
Pro Dashboard

Hot Take:

In a twist fit for a cyber-thriller, EmEditor went from a text editing hero to a malware villain faster than you can say “supply chain attack”. It seems the code ninjas over at Emurasoft need to sharpen their defenses or risk becoming the next blockbuster hit in the cybercrime cinema. Watch out, Hollywood, there’s a new script in town!

Key Points:

  • EmEditor was hit by a supply chain attack, distributing infostealer malware.
  • The attack involved a fake installer, signed by an unfamiliar certificate.
  • Chinese security firm Qianxin revealed the malware’s extensive data-stealing antics.
  • The malware checks for system languages and plays favorites with non-Soviet, non-Iranian settings.
  • No clear attribution, but cybercriminals likely behind this digital heist.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?