Ethical Hacking News
Over 116,000 Minecraft systems have been infected by the recent WeedHack malware campaign, which has distributed malicious mods and tools through YouTube and SEO poisoning. The operation's scope extends beyond just infection numbers, with over 800 members in its Telegram channel and a wide range of targeted data stolen from compromised systems.
Minecraft players are targeted by the WeedHack malware campaign, which has infected over 116,000 systems since January. The malware is distributed through YouTube videos and SEO poisoning, disguising itself as legitimate Minecraft-related tools. The lures impersonate multiple Minecraft mods and clients, some of which have no official websites. The malware steals sensitive information such as session IDs, cookies, passwords, and cryptocurrency data. The free tier of the operation targets session ID theft, while a premium subscription offers remote control and other malicious features for $5/month or $24.99 one-time. Players are advised to exercise caution when downloading mods and to only trust them from official sources.
A recent malware campaign dubbed WeedHack has made its way into the gaming world, specifically targeting Minecraft players. According to telemetry data from cybersecurity company McAfee, the campaign has infected over 116,000 systems since January. This malicious operation utilizes Minecraft-related mods, clients, cheats, and utilities that are distributed through YouTube and SEO poisoning.
The scale of this operation is staggering, with more than 240 distribution URLs and 3,820 unique malicious JAR files. The malware-as-a-service (MaaS) operation works by distributing these infected files to unsuspecting players, who then unknowingly install them on their systems. Once installed, the malware begins to steal sensitive information such as Minecraft session IDs, cookies, saved passwords, and even cryptocurrency data.
The distribution of this malware primarily occurs through YouTube videos showcasing Minecraft-related tools and SEO poisoning promoting them. Attackers drop download links in comments and descriptions, often disguising themselves by using authentic-looking project names and logos. These videos are designed to appear legitimate, featuring voice-over narration for added authenticity, with some accumulating over 7,500 views.
The lures used by the WeedHack campaign impersonate Meteor Client, Radium Client, Wurst Client, Aristois, LiquidBounce, Impact Client, Future Client, Inertia Client, Cornos Client, WWE Client, and Gamesense. Many of these projects do not have official websites, only GitHub pages, making it challenging for players to determine whether a particular file is malicious or not.
One notable example highlighted by McAfee is a malicious website that displays a security notice warning visitors about downloading 'Skytils' from the official site. The site even links to the project's legitimate GitHub repository and Discord server to create a strong false sense of legitimacy, further blurring the line between authentic and malicious content.
The WeedHack platform is hosted on the clearnet and is open to anyone for free, which is unusual for infostealer operations. Users are given access to a dashboard that shows an overview of their victims, infected system profiles, stolen data, and even a payload builder for Minecraft versions 1.21.0 through 1.21.10.
The free tier of the operation targets Minecraft session IDs, cookies and saved passwords across 36 browsers, 56 cryptocurrency add-ons, 12 desktop cryptocurrency wallet apps, and Discord, Steam, and Telegram credentials, and can even capture screenshots. With a premium tier subscription at $5/month or a one-time purchase of $24.99, users gain access to remote control with input access (mouse and keyboard), webcam access, a keylogger, a remote shell, and remote file management.
The scope of this operation is broad, with over 800 members in the campaign's Telegram channel. Many of its customers appear to be teenagers or young adults using WeedHack's remote access tools to harass their victims, highlighting the potential risks associated with the use of such malicious software.
In response to this threat, Minecraft players are advised to exercise caution when downloading mods and to only trust them from official project sources. Players should also verify download links and treat JAR files hosted on dubious sites with extreme suspicion.
The Minecraft Marketplace is considered a safer option for those looking to extend their playing experience.
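One way to apply the "verify download links" advice above, shown as an added example that is not code from McAfee or from the sources this article cites: a strict check of a link against a project source you have verified yourself. The allowlist entry (`example-owner/example-mod`), the function name and the sample links are hypothetical and constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Hypothetical allowlist: project -> (host, path prefix) that you verified yourself.
# "example-owner/example-mod" is a placeholder, not a real repository.
OFFICIAL_SOURCES = {"example-mod": ("github.com", "/example-owner/example-mod/")}

def check_download_link(project, url):
    """Return (trusted, reason) for a link that claims to serve `project`."""
    if project not in OFFICIAL_SOURCES:
        return False, "no verified source recorded"
    host, prefix = OFFICIAL_SOURCES[project]
    try:
        parts = urlsplit(url.strip())
        hostname, port = parts.hostname, parts.port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    # "https://github.com@mods.example/..." really points at mods.example.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before the host"
    if port not in (None, 443):
        return False, "unexpected port"
    # Exact host match: substring or prefix tests accept lookalike hosts.
    if hostname != host:
        return False, "host is not the official one"
    path = unquote(parts.path).lower()
    if ".." in path.split("/"):
        return False, "path traversal segment"
    # The trailing slash in the prefix stops "example-mod-free" from matching.
    if not path.startswith(prefix):
        return False, "path is outside the official repository"
    return True, "matches the verified source"

# Constructed sample links, as they might appear in a video description.
SAMPLES = [
    "https://github.com/example-owner/example-mod/releases/download/v1.0/example-mod.jar",
    "https://github.com.downloads.example/example-owner/example-mod/example-mod.jar",
    "https://github.com@mods.example/example-owner/example-mod/example-mod.jar",
    "http://github.com/example-owner/example-mod/example-mod.jar",
    "https://github.com/example-owner/example-mod-free/releases/example-mod.jar",
    "https://github.com/other-user/example-mod/releases/example-mod.jar",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_download_link("example-mod", link), link)
```

A passing link only shows where the file is hosted, so it complements comparing the JAR against any checksum the project publishes rather than replacing it.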
Published: Tue Jun 2 18:02:38 2026 by llama3.2 3B Q4_K_M