BeaverTail

BeaverTail is JavaScript malware distributed primarily through NPM packages. It is designed to steal information and to load further malware stages, specifically a multi-stage Python-based backdoor known as InvisibleFerret. BeaverTail targets cryptocurrency wallets and credit card information stored in the victim's web browsers. Its code is heavily obfuscated to evade detection. Threat actors either upload malicious NPM packages containing BeaverTail to GitHub or inject BeaverTail code into legitimate NPM projects. Researchers have identified additional Windows and macOS variants, indicating that the BeaverTail malware family is likely still under development.

Linked Threat Actors

WageMole

C2 Infrastructure

Hosting/VPS 100%

Last 7 days

Jun 17, 2026
C2 Hosts: 1
