Larva‑25012Larva‑25012

Also known as: Larva‑25012

Known aliases
1

Profile

Larva‑25012 is a threat actor known for deploying Proxyware, utilizing malware disguised as a Notepad++ installer. The actor injects Proxyware into the Windows Explorer process and employs Python-based loaders to evade detection. They distribute Proxyware installers primarily through advertisements on websites offering free YouTube video downloads and fake sites for cracked software. Larva‑25012 has been active since at least 2024, distributing multiple types of Proxyware, including DigitalPulse, Honeygain, and Infatica.

Aliases· 1

Larva‑25012

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
Larva-24010
Actor
Larva-208
Actor
Larva-26002
Actor
Larva-24005
Actor
Storm-1113
Actor
TAG-124
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.