APT / THREAT GROUP

WEEVILPROXY

Last seen: Mar 17, 2026

Intelligence Profile

WEEVILPROXY is a sophisticated, feature-rich stealer whose payload is primarily written in NodeJS. The developer has put concerted effort into the malware's breadth of capabilities, including novel techniques that, to our knowledge, have not been observed in any prior malware campaigns. These new TTPs include methods to modify Windows Setup and Windows Recovery to enable long-term persistence, as well as methods to patch browser extensions 'on the fly'.

Threat Analysis

WEEVILPROXY is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

External References

Quick Facts

Type: APT / Threat Group
Aliases: 3

Also Known As

JSCEAL, js.weevilproxy, WEEVILPROXY

External Intelligence

Malpedia: js.weevilproxy

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.