top of page
perceptive_background_267k.jpg

Over 116,000 Minecraft systems infected in WeedHack malware campaign

Published:

2 juni 2026 om 21:54:49

Alert date:

3 juni 2026 om 05:00:26

Source:

bleepingcomputer.com

Click to open the original link from this advisory

Ransomware & Malware, Data Breach & Exfiltration

A large-scale malware campaign called WeedHack is targeting Minecraft players and has successfully infected over 116,000 systems since January. The campaign specifically targets the Minecraft gaming community, representing a significant threat to gaming platforms and users. The high infection count indicates this is an active and successful malware distribution operation. The campaign appears to be ongoing and poses a substantial risk to Minecraft users worldwide.

Technical details

WeedHack is a malware-as-a-service (MaaS) infostealer operation targeting Minecraft players. It has infected 116,464 systems since January, averaging 2,000-3,000 infections daily. The malware is distributed through malicious Minecraft mods, clients, cheats, and utilities via YouTube videos and SEO poisoning. The operation uses 240+ distribution URLs and 3,820 unique malicious JAR files. Free tier targets Minecraft session IDs, cookies, passwords across 36 browsers, 56 cryptocurrency add-ons, 12 desktop crypto wallets, Discord, Steam, and Telegram credentials, plus screenshot capture. Premium tier ($5/month or $24.99 lifetime) adds remote control with input access, webcam access, keylogger, remote shell, and file management.

Mitigation steps:

Only trust mods from official project sources
Verify download links
Treat JAR files hosted on dubious sites with caution
Use the in-game Minecraft Marketplace for safe mod downloads
Avoid downloading Minecraft-related tools from YouTube video descriptions or comments

Affected products:

Minecraft versions 1.21.0-1.21.10
Meteor Client
Radium Client
Wurst Client
Aristois
LiquidBounce
Impact Client
Future Client
Inertia Client
Cornos Client
WWE Client
3arthh4ck
Salhack
Phobos
Gamesense
Skytils
36 browsers
56 cryptocurrency add-ons
12 desktop cryptocurrency wallets
Discord
Steam
Telegram

Related links:

https://www.mcafee.com/blogs/other-blogs/mcafee-labs/weedhack-minecraft-malware-as-a-service-campaign-research/

Related CVE's:

Related threat actors:

IOC's:

240+ distribution URLs, 3,820 unique malicious JAR files, WeedHack dashboard hosted on clear net, Telegram channel with 800+ members

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page