EmEditor Download Button Compromised to Distribute Infostealer Malware

Between December 19 and 22, 2025, the official download button for EmEditor, a Windows-based text editor developed by Emurasoft, was compromised by an unauthorized third party. During this period, users attempting to download EmEditor were redirected to a malicious installer containing infostealer malware. This malware was designed to exfiltrate sensitive data, with a particular focus on credentials and SSH keys from applications such as Evernote, Notion, PuTTY, and WinSCP. The incident was resolved on December 22, 2025, but the number of affected users has not been disclosed. Notably, no specific Common Vulnerabilities and Exposures (CVE) identifiers or detailed attack methods have been provided in the available information. This incident highlights the ongoing risk of supply chain attacks and the importance of verifying the integrity of software download sources. Cybersecurity professionals are advised to monitor for potential indicators of compromise related to this campaign and to reinforce user education on the risks of downloading software from untrusted sources.