Over 116,000 Minecraft systems infected in WeedHack malware campaign
The WeedHack malware campaign is a large-scale operation targeting Minecraft players by distributing malicious mods, clients, cheats, and utilities. Since January 2026, it has infected over 116,000 systems globally, primarily in the US, Germany, India, and the UK. The malware operates as a malware-as-a-service (MaaS) infostealer, offering free and premium tiers that steal credentials, session IDs, cookies, and cryptocurrency wallet data, and provide remote access capabilities. Distribution relies heavily on YouTube videos and SEO poisoning to lure victims to malicious download sites. The campaign's scale is reflected in thousands of unique malicious files and hundreds of distribution URLs. Users are advised to only download Minecraft mods from official sources and use the in-game Marketplace for safety.
AI Analysis
Technical Summary
WeedHack is a malware-as-a-service campaign targeting Minecraft users by distributing malicious Java Archive (JAR) files masquerading as mods, clients, and cheats. It uses YouTube videos with download links and SEO poisoning to direct victims to malicious sites. The malware steals Minecraft session IDs, browser cookies, saved passwords across multiple browsers, cryptocurrency wallet credentials, and credentials for platforms like Discord, Steam, and Telegram. The free tier provides infostealing capabilities, while the premium tier adds remote control features including keylogging, webcam access, and remote shell. The operation is notable for its scale, infecting over 116,000 systems since January 2026, with a large number of distribution URLs and unique malicious files. The campaign primarily affects users in the United States, Germany, India, and the UK.
Potential Impact
The campaign has compromised over 116,000 systems, enabling attackers to steal sensitive credentials and session information across multiple platforms and browsers. The premium tier's remote access features allow attackers to control victim systems, capture keystrokes, screenshots, and webcam feeds, increasing the risk of privacy invasion and further exploitation. The malware's distribution through popular gaming-related content increases the likelihood of victim infection, especially among younger users. The campaign's scale and persistence indicate a significant ongoing threat to the Minecraft player community.
Mitigation Recommendations
No official patch or vendor advisory is available for this malware campaign. Users should avoid downloading Minecraft mods, clients, or cheats from unofficial or suspicious sources, especially those promoted via YouTube or SEO-poisoned websites. Only trust mods from official project sources or the in-game Minecraft Marketplace. Verify download links carefully and treat JAR files from dubious sites with extreme caution. Security teams should educate users about the risks of downloading unauthorized game modifications and monitor for signs of infection related to credential theft or remote access malware.
Affected Countries
United States, Germany, India, United Kingdom
Over 116,000 Minecraft systems infected in WeedHack malware campaign
Description
The WeedHack malware campaign is a large-scale operation targeting Minecraft players by distributing malicious mods, clients, cheats, and utilities. Since January 2026, it has infected over 116,000 systems globally, primarily in the US, Germany, India, and the UK. The malware operates as a malware-as-a-service (MaaS) infostealer, offering free and premium tiers that steal credentials, session IDs, cookies, and cryptocurrency wallet data, and provide remote access capabilities. Distribution relies heavily on YouTube videos and SEO poisoning to lure victims to malicious download sites. The campaign's scale is reflected in thousands of unique malicious files and hundreds of distribution URLs. Users are advised to only download Minecraft mods from official sources and use the in-game Marketplace for safety.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
WeedHack is a malware-as-a-service campaign targeting Minecraft users by distributing malicious Java Archive (JAR) files masquerading as mods, clients, and cheats. It uses YouTube videos with download links and SEO poisoning to direct victims to malicious sites. The malware steals Minecraft session IDs, browser cookies, saved passwords across multiple browsers, cryptocurrency wallet credentials, and credentials for platforms like Discord, Steam, and Telegram. The free tier provides infostealing capabilities, while the premium tier adds remote control features including keylogging, webcam access, and remote shell. The operation is notable for its scale, infecting over 116,000 systems since January 2026, with a large number of distribution URLs and unique malicious files. The campaign primarily affects users in the United States, Germany, India, and the UK.
Potential Impact
The campaign has compromised over 116,000 systems, enabling attackers to steal sensitive credentials and session information across multiple platforms and browsers. The premium tier's remote access features allow attackers to control victim systems, capture keystrokes, screenshots, and webcam feeds, increasing the risk of privacy invasion and further exploitation. The malware's distribution through popular gaming-related content increases the likelihood of victim infection, especially among younger users. The campaign's scale and persistence indicate a significant ongoing threat to the Minecraft player community.
Mitigation Recommendations
No official patch or vendor advisory is available for this malware campaign. Users should avoid downloading Minecraft mods, clients, or cheats from unofficial or suspicious sources, especially those promoted via YouTube or SEO-poisoned websites. Only trust mods from official project sources or the in-game Minecraft Marketplace. Verify download links carefully and treat JAR files from dubious sites with extreme caution. Security teams should educate users about the risks of downloading unauthorized game modifications and monitor for signs of infection related to credential theft or remote access malware.
Affected Countries
Technical Details
- Article Source
- {"url":"https://www.bleepingcomputer.com/news/security/over-116-000-minecraft-systems-infected-in-weedhack-malware-campaign/","fetched":true,"fetchedAt":"2026-06-03T22:56:29.620Z","wordCount":813}
Threat ID: 6a20b11ee29bf47b50faa5b6
Added to database: 6/3/2026, 10:56:30 PM
Last enriched: 6/3/2026, 10:56:45 PM
Last updated: 6/4/2026, 6:34:05 AM
Views: 11
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.