– WeedHack is a Malware-as-a-Service campaign infecting Minecraft players through fake mods, clients, and utility tools since January 2026.
– Over 116,000 systems have been infected globally, with 2,000-3,000 new infections daily.
– The malware spreads via YouTube SEO poisoning, using fake mod videos to redirect users to malicious URLs (over 240 identified).
– WeedHack steals session IDs, browser credentials, crypto wallets, and Premium tiers enable webcam, keyboard, and mouse control.
– To stay safe, only download mods from trusted platforms like NexusMods, CurseForge, or Modrinth.
Minecraft Under Siege From Nasty Malware Operation
Minecraft is known for its extensive modding community and third-party mod support, which has always attracted players to innovate and create new quality-of-life and visually impressive mods. However, some online sleuths and hackers have taken this opportunity to infect Minecraft players systems with malware.
A New Malware-As-A-Service Called WeedHack
Currently, a Malware-as-a-Service operation is threatening the Minecraft community, as researchers at McAfee Labs have discovered. This service, called WeedHack, has been discreetly affecting gamers systems since January 2026 by injecting code into fake Minecraft mods, clients, and utility tools. The number of infected users is staggering.
Staggering Infection Numbers Found
McAfees telemetry shows that the WeedHack Malware-as-a-Service campaign has logged over 100,000 (specifically, 116,464) infected systems worldwide, with an average of 2,000 to 3,000 systems infected each day.
Researcher Reveals Scope of Attack
McAfee researcher Aayush Tyagi laid out his findings in an official blog post, stating: “We’ve discovered over 3,820 unique malicious JAR files that are part of this attack and over 240 URLs responsible for distributing this malware. This campaign utilizes SEO poisoning on YouTube to generate traffic to these malicious URLs. We also found two YouTube channels and multiple videos that demonstrate Minecraft mods and clients and redirect viewers to these URLs.”
Cyberbullying Is A Major Catalyst Here
McAfee researchers infiltrated associated WeedHack Telegram channels and reported that “WeedHack malware is a major catalyst for cyberbullying. Many of its customers appear to be teenagers and young adults and are using remote access capabilities to threaten, harass, and monitor their victims, who are around the same age.”
Technical Skills Not Required To Use This Service
The WeedHack MaaS doesnt require advanced technical skills. Its openly sold on the internet with a free tier and premium tiers starting from just $5 per month or a $24.99 lifetime purchase.
What Data Does WeedHack Actually Steal
WeedHack primarily steals Minecraft session IDs via multiple launchers, browser passwords, cookies across browsers, Discord and Steam credentials, cryptocurrency wallet data, system information, and screenshots. It also goes so far as to disable Windows Defender services using a technique called EtherHiding.
Premium Tier Enables Even Worse Attacks
WeedHack Premium takes things a step further, allowing hackers to obtain live webcam access, monitor and control keyboard and mouse inputs, log keystrokes, access command lines, and upload or download data.
How To Stay Safe From This Threat
The best way users can protect themselfs from malicious mods infected with WeedHack is simple: only download mods approved on NexusMods, CurseForge, Modrinth, or other community-trusted clients.
- Never download mods from random YouTube links
- Stick to trusted platforms like CurseForge and Modrinth
- Keep Windows Defender enabled and updated
- Be cautious of “free” premium mod offers
Leave a Reply