js.weevilproxy

WEEVILPROXY

aka: JSCEAL

WEEVILPROXY is a sophisticated and feature-rich stealer whose payload is written primarily in Node.js. The developer has put concerted effort into the malware’s breadth of capabilities, including novel techniques that, to our knowledge, have not been observed in any prior malware campaign. These new TTPs include methods to modify Windows Setup and Windows Recovery to enable long-term persistence, as well as methods to patch browser extensions ‘on the fly’.

References
2025-06-27, WithSecure, Mohammad Kazem Hassan Nejad: WEEVILPROXY

There is no Yara-Signature yet.