WeedHack Malware Campaign Infects Over 116,000 Minecraft Players

Severity: High (Score: 64.5)

Sources: Bleepingcomputer, www.mcafee.com, Digitaltrends

Published: 2026-06-03 · Updated: 2026-06-03

Keywords: malware, campaign, minecraft, infected, over, players, systems

Severity indicators: pla, malware

Summary

The WeedHack malware campaign has reportedly infected over 116,000 Minecraft players since January 2026. This operation primarily targets users through malicious mods, cheats, and tools shared on platforms like YouTube and Discord. The malware functions as a malware-as-a-service (MaaS) infostealer, allowing operators to access stolen credentials and personal information via a dashboard. Victims are predominantly located in the United States, Germany, India, and the UK, with infections averaging 2,000 to 3,000 daily. The campaign utilizes SEO poisoning and fake download links to lure victims, often masquerading as legitimate Minecraft enhancements. Infected users have reported harassment and blackmail, indicating the campaign's invasive nature. The malware can capture sensitive data, including Discord tokens and cryptocurrency wallet information. McAfee's telemetry indicates the operation is ongoing, with over 240 distribution URLs and 3,820 unique malicious files identified.

Key Points:

  • WeedHack has infected over 116,000 Minecraft players since January 2026.
  • The malware spreads through malicious mods and SEO poisoning on YouTube.
  • Victims face harassment and blackmail due to stolen personal information.

Detailed Analysis

**Impact** Over 116,000 systems, primarily belonging to Minecraft players, have been infected globally since January 2026, with the highest concentrations in the United States, Germany, India, and the UK. The malware campaign targets gaming communities, affecting individual users rather than enterprises, and results in theft of personal data including browser credentials, Discord tokens, cryptocurrency wallet information, and screenshots. Victims have experienced harassment, blackmail, and public humiliation using stolen data, indicating operational impacts beyond financial theft. The campaign compromises user privacy and trust within large gaming ecosystems.

**Technical Details** WeedHack malware is distributed via malicious Minecraft mods, cheats, cracked software, and community tools promoted through Discord servers, gaming forums, YouTube videos, and SEO poisoning targeting popular Minecraft client keywords. The malware operates as a MaaS infostealer with a dashboard for customers to access stolen data and manage infections. It targets session IDs, credentials across 36 browsers, 56 crypto add-ons, 12 desktop wallets, and messaging platforms including Discord, Steam, and Telegram. The premium tier adds remote control capabilities such as keylogging, webcam access, and remote shell. Over 240 distribution URLs and 3,820 unique malicious JAR files have been identified. No CVEs or specific exploited vulnerabilities were reported.

**Recommended Response** Users should avoid downloading Minecraft mods, cheats, or cracked software from unofficial sources, especially Discord servers and unverified websites. Enable multi-factor authentication on gaming and associated accounts, regularly scan devices with updated antivirus tools, and avoid password reuse across platforms. Network defenders should monitor for indicators such as suspicious JAR files, unusual outbound connections to known WeedHack infrastructure, and unauthorized remote access behaviors. No specific patches are available; focus on user education and blocking identified distribution URLs and malware hashes.

Source articles (4)

  • Over 116,000 Minecraft systems infected in WeedHack malware campaign — Bleepingcomputer · 2026-06-02
    A large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January. The malware is distributed through Minecraft-related malicious m…
  • Minecraft malware campaign reportedly infected over 116,000 players — Digitaltrends · 2026-06-02
    What started as another Minecraft modding campaign has turned into one of the more disturbing malware stories tied to gaming communities this year. Security researchers at McAfee have uncovered a larg…
  • McAfee explains — www.mcafee.com · 2026-06-02
  • Minecraft Malware Campaign Research Teen Hacker Cyberbullying — www.mcafee.com · 2026-06-02

Timeline

  • 2026-01-01 — WeedHack campaign begins: The malware campaign starts targeting Minecraft players via malicious mods and cheats.
  • 2026-06-02 — McAfee reports on WeedHack infections: McAfee reveals that over 116,000 systems have been infected, with an average of 2,000 to 3,000 new infections daily.
  • 2026-06-02 — Malware distribution methods detailed: The campaign uses YouTube videos and SEO poisoning to distribute malicious files, with over 240 URLs identified.

Related entities

  • Malware (Attack Type)
  • WeedHack Campaign (Campaign)
  • Germany (Country)
  • India (Country)
  • United States (Country)
  • WeedHack (Malware)
  • T1041 - Exfiltration Over C2 Channel (Mitre Attack)
  • T1056 - Input Capture (Mitre Attack)
  • T1566.002 - Spearphishing Link (Mitre Attack)
  • Discord (Platform)
  • GitHub (Platform)
  • Minecraft (Platform)
  • YouTube (Company)