216.73.217.172

EmEditor Homepage Download Button Served Malware for 4 Days

· Published 30/12/2025 16:57 · Modified 30/12/2025 17:22

Export JSON

Essential information

Published
30/12/2025 16:57
Modified
30/12/2025 17:22
Tags
2025-12-30 browser extension cryptocurrency data theft digital signature emeditor infostealer website compromise
Related entities
1 observables, 8 techniques (mitre), 2 others

Description

Between December 19-22, 2025, 's official website suffered a security breach, causing the main download button to serve malicious software. The fake installer, signed by WALSHAM INVESTMENTS LIMITED, contained malware targeting login credentials, browser history, and VPN settings. It specifically targeted technical staff and government offices, stealing files and installing a fraudulent for remote control and address swapping. Users who downloaded during this period are advised to check the , delete suspicious files, and change stored passwords. Emurasoft is investigating the incident and has apologized for the inconvenience.

External references