Particle.news
Download on the App Store

WeedHack Infects More Than 116,000 Minecraft PCs Through Fake Mods

A clear‑web malware‑as‑a‑service makes powerful infostealer and remote‑access tools cheap and easy to use, increasing risks of account theft and webcam spying.

Overview

  • McAfee's June 2 report showed the WeedHack campaign has compromised about 116,464 systems since January and is adding roughly 2,000 to 3,000 new infections each day.
  • Operators push malicious Java JARs disguised as Minecraft mods or clients via SEO‑poisoned search results and YouTube videos that include download links and instructions.
  • WeedHack is run as a web dashboard service with a free tier that steals Minecraft session IDs, browser cookies and saved passwords and paid tiers starting at $4.99 per month that add webcam access, keylogging and remote shell control.
  • The malware uses a multi‑stage Java payload chain, hides command servers through an EtherHiding technique that leverages the Ethereum blockchain, and attempts to evade Windows Defender by configuring exclusions.
  • Researchers observed a Telegram community of roughly 800–850 members where many users, often teenagers, used the tool for harassment and webcam spying; some channels and domains were removed but operators are creating replacements so basic defenses remain critical.