EmEditor Homepage Download Button Served Malware for 4 Days

Warning for EmEditor users: A third-party breach tampered with the official download link between Dec 19–22, 2025. Learn how to identify the fake installer and protect your data from infostealer malware.

If you have downloaded the popular writing and coding tool EmEditor recently, you might want to double-check your computer. Between December 19 and December 22, 2025, a security breach on the software’s official website caused the main “Download Now” button to serve a fake, malicious installer instead of the real program.

The developer of the tool, Emurasoft, Inc., discovered that a third party managed to mess with the website’s redirect settings. This meant that while users thought they were getting a safe update, they were actually being sent to a different part of the site to download a file that hadn’t been created by the company at all.

How to Spot the Fake

According to ...