WeedHack Malware Infects 116,000+ Minecraft Systems via Fake Mods
Published
Key Takeaways
- Large-Scale Infection: WeedHack has compromised more than 116,000 Minecraft systems since January 2026.
- MaaS Operation: The Minecraft-focused campaign operates as a Malware-as-a-Service infostealer with a customer-facing dashboard.
- Growing Infections: Security researchers estimate that 2,000 to 3,000 new WeedHack infections occur daily.
A large-scale malware campaign dubbed WeedHack is actively targeting Minecraft players and has infected more than 116,000 systems since January. According to McAfee telemetry, 116,464 systems have been compromised, with between 2,000 and 3,000 new infections occurring every day.
Most victims are located in the U.S., Germany, India, and the U.K.
How WeedHack Reaches Minecraft Players
The malware spreads through Minecraft-related malicious mods, clients, cheats, and utilities promoted on YouTube and via SEO poisoning, with more than 240 distribution URLs and 3,820 unique malicious JAR files identified.
The campaign targets keywords associated with popular Minecraft clients, including:
- Meteor Client,
- Radium Client,
- Wurst Client,
- Aristois,
- LiquidBounce,
- Impact Client,
- Future Client,
- Inertia Client,
- Cornos Client,
- WWE Client,
- 3arthh4ck,
- Salhack,
- Phobos,
- Gamesense.
McAfee noted that many of these projects lack official websites and exist only as GitHub pages, making them easier for attackers to impersonate.
WeedHack as a Malware-as-a-Service Platform
WeedHack operates as a malware-as-a-service (MaaS) infostealer, providing customers with a dashboard to view stolen credentials and data from compromised systems. The platform is hosted on the clearnet and freely accessible.
The free tier targets Minecraft session IDs, cookies, and saved passwords across 36 browsers, 56 cryptocurrency add-ons, 12 desktop cryptocurrency wallet apps, and Discord, Steam, and Telegram credentials. It can also capture screenshots.
The premium tier, priced at $5 per month or a one-time lifetime payment of $24.99, adds remote control with mouse and keyboard input, webcam access, a keylogger, remote shell, and remote file management. WeedHack's Telegram channel has over 800 members.
Staying Safe as a Minecraft Player
Minecraft players should only trust mods from official project sources and verify all download links before proceeding. JAR files hosted on dubious sites should be treated with caution. For the safest way to extend the gaming experience, the Minecraft Marketplace remains the recommended option.
Last month, Ukraine investigated a teen suspected of using Infostealers to breach 30,000 customer Accounts at a California online retailer. In April, Rockstar Games announced a data breach that did not impact the organization or its players.
In early 2025, a Path of Exile 2 data breach resulted in hacked player accounts and the theft of in-game items.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular