APT / THREAT GROUP
WEEVILPROXY
3 aliases
Last seen: Mar 17, 2026
Intelligence Profile
WEEVILPROXY is a sophisticated, feature-rich stealer whose payload is primarily written in Node.js. The developer has put concerted effort into the malware’s breadth of capabilities, including novel techniques that, to our knowledge, have not been observed in any prior malware campaigns. These new TTPs include methods to modify Windows Setup and Windows Recovery to enable long-term persistence, as well as methods to patch browser extensions ‘on the fly’.
Threat Analysis
WEEVILPROXY is tracked as a threat actor of undetermined national origin engaged in cyber operations. Its primary motivation and activity patterns are unknown.
External References
Quick Facts
Type: APT / Threat Group
Aliases: 3
Also Known As
JSCEAL, js.weevilproxy, WEEVILPROXY
External Intelligence
Malpedia: js.weevilproxy
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.