WeedHack Malware Campaign Infects 116,000 Minecraft Players Through Fake Mods

A massive malware campaign called WeedHack is targeting Minecraft players through fake mods, cheats, hacked clients, and utility tools. Security researchers at McAfee say the operation has already infected more than 116,000 systems since January, with thousands of new victims appearing every day.

The campaign mainly spreads through YouTube videos, SEO-poisoned search results, and fake Minecraft mod websites designed to impersonate popular community projects. Attackers reportedly use YouTube descriptions and comments to distribute malicious download links.

According to McAfee telemetry, WeedHack has impacted 116,464 systems so far. The malware campaign averages between 2,000 and 3,000 infections daily, with the United States, Germany, India, and the United Kingdom among the most affected countries.

Fake Minecraft Mods Used to Spread Malware

The campaign specifically targets Minecraft players searching for popular modding tools and hacked clients. Threat actors abuse the names of well-known Minecraft utilities to trick users into downloading infected files.

McAfee says the attackers impersonate projects such as Meteor Client, Wurst Client, LiquidBounce, Impact Client, Future Client, Aristois, and several others. Many of these tools officially distribute software through GitHub pages instead of dedicated websites, which makes fake clone sites easier to create.

Victims searching through Google or YouTube may encounter malicious websites that appear legitimate at first glance. Some fake sites even copy branding, screenshots, and download layouts from real Minecraft projects.

WeedHack Operates as Malware-as-a-Service

Researchers describe WeedHack as a malware-as-a-service infostealer platform. The operation reportedly provides users with a dashboard where they can monitor infected systems and review stolen information.

WeedHack also includes a paid subscription tier with expanded capabilities. The upgraded package reportedly adds remote control features, webcam access, and other advanced tools that allow attackers to interact directly with infected systems.

How Minecraft Players Can Stay Safe

Researchers recommend downloading Minecraft mods only from official project pages and trusted community platforms. Players should avoid downloading random JAR files from YouTube comments, unofficial mirrors, or suspicious websites promoted through search results.

McAfee also warns users to verify URLs carefully before downloading Minecraft tools, especially when searching for hacked clients or utility software.

For casual players who do not need third-party mods, the safest option remains the official Minecraft Marketplace.

Meanwhile, a Visual Studio Code zero-day vulnerability is reportedly enabling attackers to gain access to private GitHub repositories, while Microsoft is warning users about a Windows 11 Netlogon exploit and urging them to install the latest updates.

In a separate development, the company has also removed a blog post discussing Windows 11’s built-in security features.

Via BleepingComputer