APT / THREAT GROUP

BeaverTail

3 aliases
Last seen: Mar 17, 2026

Intelligence Profile

BeaverTail is JavaScript malware distributed primarily through NPM packages. It is designed to steal information and to load further malware stages, specifically a multi-stage Python-based backdoor known as InvisibleFerret. BeaverTail targets cryptocurrency wallets and credit card information stored in the victim's web browsers. Its code is heavily obfuscated to evade detection. Threat actors either upload malicious NPM packages containing BeaverTail to GitHub or inject BeaverTail code into legitimate NPM projects. Researchers have identified additional Windows and macOS variants, indicating that the BeaverTail malware family is likely still under development.

Threat Analysis

BeaverTail is tracked as a threat actor of known sophistication and undetermined national origin, engaged in cyber operations whose primary motivation and activity patterns are unknown.

Quick Facts

Type: APT / Threat Group
Aliases: 3

Also Known As

osx.beavertail
BeaverTail
js.beavertail

External Intelligence

Malpedia: osx.beavertail

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.