Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: weedhack (1 article)Clear

WeedHack malware-as-a-service infostealer infects 116,000+ Minecraft systems via YouTube and SEO-poisoned fake mods and cheat clients

McAfee has detailed WeedHack, a malware-as-a-service infostealer campaign that has infected more than 116,000 systems since January by targeting Minecraft players. The malware spreads through malicious Minecraft mods, clients, cheats, and utilities promoted via YouTube videos (some with voice-over narration and thousands of views) and SEO poisoning of keywords matching popular clients like Meteor, Wurst, LiquidBounce, and Impact. WeedHack averages 2,000-3,000 infections daily, mostly in the US, Germany, India, and the UK, across 240+ distribution URLs and 3,820 unique malicious JAR files. It offers customers a dashboard to view stolen credentials and victim data. Some fake sites even link to legitimate GitHub repos to fabricate credibility.

Check
Brief staff and family-device users that Minecraft mods, cheats, and clients from YouTube links or search results frequently carry infostealers. Hunt endpoints for the 3,820 known WeedHack JAR hashes.
Affected
Minecraft players (often younger users on shared/home devices) installing third-party mods, cheats, and clients. 116,000+ infected since January, mostly US, Germany, India, UK. MaaS dashboard tracks victims.
Fix
Source Minecraft tools only from official project pages. Apply McAfee WeedHack IoCs and block known distribution URLs. Rotate credentials on any system that ran an untrusted JAR.