{"id":60045,"date":"2026-01-22T00:00:00","date_gmt":"2026-01-22T00:00:00","guid":{"rendered":"urn:uuid:a6da7eaa-2589-b04f-79b9-e465a0e571b0"},"modified":"2026-01-22T00:00:00","modified_gmt":"2026-01-22T00:00:00","slug":"watering-hole-attack-targets-emeditor-users-with-information-stealing-malware","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware\/","title":{"rendered":"Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/emeditor-976:Large?qlt=80\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/26\/emeditor-976.png\" class=\"ff-og-image-inserted\"><\/div>\n<p>Based on its geofencing behavior, we assess that the threat actors are likely of Russian origin, or from the Commonwealth of Independent States (CIS). This aligns with a common pattern observed among groups from this region, where \u201cfriendly\u201d countries are excluded to reduce legal and operational risk. 
It excludes:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Armenia<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Belarus<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Georgia<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Kazakhstan<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Kyrgyzstan<\/span><\/li>\n<\/ul>\n<p>The malware sends all collected information to its C&amp;C server at:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">hxxps:\/\/cachingdrive[.]com\/gate\/init\/2daef8cd.<\/span><\/li>\n<\/ul>\n<p>Another notable detail we saw is the consistent presence of the unique string \u201c<b>2daef8cd<\/b>\u201d in its communication, suggesting that it may be some sort of campaign ID.<\/p>\n<p>As of now, there are already a few recorded instances of the URL being accessed by EmEditor users, suggesting that some were likely compromised prior to the company\u2019s announcement.<\/p>\n<p><span class=\"body-subhead-title\">Security best practices against software supply chain attacks<\/span><\/p>\n<p>This incident challenges longstanding assumptions that trusted software can be treated as lower priority during triage, and that installations \u2014 even from official vendors \u2014 are inherently less risky than exploit-driven intrusion. The following best practices can help organizations strengthen their ability to detect and contain this kind of threat:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\"><b>Validate installer integrity.<\/b> Confirm digital signatures and perform file integrity checks before execution, even when installers are downloaded from official vendor sites. Where possible, compare against a trusted reference to detect tampering or unauthorized modification.<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>Govern usage of PowerShell. <\/b>Apply controls around PowerShell execution and enable robust logging. 
Monitor for obfuscated scripts and network-enabled commands, which are commonly abused for payload retrieval and staging.<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>Preserve endpoint telemetry and visibility.<\/b> Actively monitor for attempts to disable or interfere with logging mechanisms. Protecting telemetry helps maintain detection coverage when attackers attempt to operate with reduced visibility.<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>Enforce the principle of least privilege for credentials and networks.<\/b> Limit which processes and accounts can access credential storage and restrict where privileged credentials can be used. Monitor authentication activity for anomalies and attempted lateral movement.<\/span><\/li>\n<\/ul>\n<p>For developers and software publishers, this kind of attack shows that protecting how software is built and delivered is just as important as securing the application itself:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\"><b>Secure download and hosting infrastructure.<\/b> Apply strict access controls and monitoring to download servers and back-end storage. 
Monitor for unexpected file changes, redirects, or modifications that could indicate tampering with distributed installers.<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>Publish verifiable integrity information.<\/b> Provide file integrity information and make verification steps explicit so that users can confirm installer authenticity prior to execution.<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><b>Prepare an incident response plan.<\/b> Define procedures for responding to suspected supply chain compromise, including takedown of affected installers, certificate revocation, user notification, and coordination with security vendors.<\/span><\/li>\n<\/ul>\n<p><span class=\"body-subhead-title\">Proactive security with TrendAI Vision One\u2122<\/span><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/one-platform.html\">TrendAI Vision One\u2122<\/a> is the industry-leading AI cybersecurity platform that centralizes cyber risk exposure management, security operations, and robust layered protection.<\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/threat-intelligence.html\">TrendAI Vision One\u2122 Threat Intelligence Hub<\/a> provides the latest insights on emerging threats and threat actors, exclusive strategic reports from TrendAI\u2122 Research, and TrendAI Vision One\u2122 Threat Intelligence Feed in the TrendAI Vision One\u2122 platform.<\/p>\n<p><b>Emerging Threats:<\/b>&nbsp;<br \/><a href=\"https:\/\/portal.xdr.trendmicro.com\/index.html#\/app\/ti\/intelligence_insights?name=EMEDITOR%20Download%20Site%20Compromised%20to%20deliver%20Credential-Stealing%20Scripts%20in%20a%20Possible%20Watering-Hole%20Attack\">Watering Hole Attack Targets EmEditor Users With Information-Stealing Malware<\/a><\/p>\n<p><a 
href=\"https:\/\/portal.xdr.trendmicro.com\/index.html#\/app\/ti\/intelligence?intrusionSet=EMEDITOR%20Download%20Site%20Compromised%20to%20deliver%20Credential-Stealing%20Scripts%20in%20a%20Possible%20Watering-Hole%20Attack\">Watering Hole Attack Targets EmEditor Users With Information-Stealing Malware<\/a><\/p>\n<p><span class=\"body-subhead-title\">Hunting Queries<\/span><\/p>\n<p>TrendAI Vision One\u2122 customers can use the Search App to match or hunt the malicious indicators mentioned in this blog post with data in their environment.<\/p>\n<p><b>EMEDITOR Command Lines:<\/b><\/p>\n<p><i><span class=\"blockquote\">processCmd:(powershell AND (emeditorjp.com OR emeditorgb.com\/run\/mg8heP0r OR emeditorde.com\/gate\/start\/2daef8cd OR cachingdrive.com\/gate\/init\/2daef8cd))<\/span><\/i><\/p>\n<p>More hunting queries are available for TrendAI Vision One\u2122 with Threat Intelligence Hub entitlement enabled.<\/p>\n<p><span class=\"body-subhead-title\">Indicators of Compromise (IOCs)<\/span><\/p>\n<p>The indicators of compromise for this entry can be found <a href=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/26\/a\/emeditor\/IOC_watering_hole_attack_targets_emeditor.txt\"><span class=\"bs-modal\">here<\/span><\/a>.<\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/26\/a\/watering-hole-attack-targets-emeditor-users.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>TrendAI\u2122 Research provides a technical analysis of a compromised EmEditor installer used to deliver multistage malware that performs a range of malicious actions. 
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":60046,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,11125,9511,9509],"class_list":["post-60045","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cyber-risk","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-research"],"yoast_head_json":{"title":"Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware\/","og_locale":"en_US","og_type":"article","og_title":"Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2026-01-22T00:00:00+00:00","og_image":[{"url":"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/emeditor-976:Large?qlt=80","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware","datePublished":"2026-01-22T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware\/"},"wordCount":622,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/01\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware.png","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Cyber Risk","Trend Micro Research : Cyber Threats","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware\/","url":"https:\/\/www.threatshub.org\/blog\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware\/","name":"Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/01\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware.png","datePublished":"2026-01-22T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/01\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2026\/01\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware.png","width":976,"height":533},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/watering-hole-attack-targets-emeditor-users-with-information-stealing-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, 
Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"Watering Hole Attack Targets EmEditor Users with Information-Stealing Malware"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60045","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=60045"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/60045\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/60046"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=60045"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=60045"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=60045"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}