McAfee Warns 100,000+ Minecraft Players Infected by Malware

Minecraft Under Siege From Nasty Malware Operation

Minecraft is known for its extensive modding community and third-party mod support, which has always attracted players to innovate and create new quality-of-life and visually impressive mods. However, some online sleuths and hackers have taken this opportunity to infect Minecraft players systems with malware.

A New Malware-As-A-Service Called WeedHack

Currently, a Malware-as-a-Service operation is threatening the Minecraft community, as researchers at McAfee Labs have discovered. This service, called WeedHack, has been discreetly affecting gamers systems since January 2026 by injecting code into fake Minecraft mods, clients, and utility tools. The number of infected users is staggering.

Staggering Infection Numbers Found

McAfees telemetry shows that the WeedHack Malware-as-a-Service campaign has logged over 100,000 (specifically, 116,464) infected systems worldwide, with an average of 2,000 to 3,000 systems infected each day.

Researcher Reveals Scope of Attack

McAfee researcher Aayush Tyagi laid out his findings in an official blog post, stating: “We’ve discovered over 3,820 unique malicious JAR files that are part of this attack and over 240 URLs responsible for distributing this malware. This campaign utilizes SEO poisoning on YouTube to generate traffic to these malicious URLs. We also found two YouTube channels and multiple videos that demonstrate Minecraft mods and clients and redirect viewers to these URLs.”

Cyberbullying Is A Major Catalyst Here

McAfee researchers infiltrated associated WeedHack Telegram channels and reported that “WeedHack malware is a major catalyst for cyberbullying. Many of its customers appear to be teenagers and young adults and are using remote access capabilities to threaten, harass, and monitor their victims, who are around the same age.”

Technical Skills Not Required To Use This Service

The WeedHack MaaS doesnt require advanced technical skills. Its openly sold on the internet with a free tier and premium tiers starting from just $5 per month or a $24.99 lifetime purchase.

What Data Does WeedHack Actually Steal

WeedHack primarily steals Minecraft session IDs via multiple launchers, browser passwords, cookies across browsers, Discord and Steam credentials, cryptocurrency wallet data, system information, and screenshots. It also goes so far as to disable Windows Defender services using a technique called EtherHiding.

Premium Tier Enables Even Worse Attacks

WeedHack Premium takes things a step further, allowing hackers to obtain live webcam access, monitor and control keyboard and mouse inputs, log keystrokes, access command lines, and upload or download data.

How To Stay Safe From This Threat

The best way users can protect themselfs from malicious mods infected with WeedHack is simple: only download mods approved on NexusMods, CurseForge, Modrinth, or other community-trusted clients.