MALWARE FAMILY

WEEVILPROXY

Internal ID: js.weevilproxy
Aliases: 1
Last seen: Mar 17, 2026

Intelligence Profile

WEEVILPROXY is a sophisticated, feature-rich stealer whose payload is written primarily in Node.js. The developer has made a concerted effort to broaden the malware’s capabilities, including novel techniques that, to our knowledge, have not been observed in any prior malware campaign. These new TTPs include methods to modify Windows Setup and Windows Recovery to enable long-term persistence, as well as methods to patch browser extensions ‘on the fly’.

Threat Analysis

WEEVILPROXY is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.

Quick Facts

Type: Malware Family
Aliases: 1

Also Known As

js.weevilproxy

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.