MALWARE FAMILY
WEEVILPROXY
Internal ID: js.weevilproxy
1
aliases
Last seen:Mar 17, 2026
Intelligence Profile
WEEVILPROXY is a sophisticated and featureful stealer which has a payload primarily written in NodeJS. The developer has put in concerted effort to develop the malware’s breadth of capabilities, including novel techniques not observed in any prior malware campaigns - to our knowledge. These new TTPs include methods to modify Windows Setup and Windows Recovery to enable long-term persistence, as well as methods to patch browser extensions ‘on the fly’.
Threat Analysis
WEEVILPROXY is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.
External References
Quick Facts
TypeMalware Family
Aliases1
Also Known As
js.weevilproxy
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.