McAfee researchers have uncovered a large Malware-as-a-Service (MaaS) operation targeting Minecraft players through trojanized mods, cheats, and game clients.
The campaign, dubbed WeedHack, has infected more than 116,000 systems since January 2026 and offers aspiring cybercriminals a professional malware platform for as little as $5 per month.
The campaign was discovered by McAfee Labs researcher Aayush Tyagi, who found that WeedHack is distributed through a combination of YouTube videos, search engine manipulation, and convincing websites masquerading as legitimate Minecraft download portals. Researchers identified more than 3,820 unique malicious JAR files and over 240 URLs used to spread the malware.
McAfee
Minecraft, developed by Mojang Studios, is the world's best-selling video game, with more than 350 million copies sold. Its thriving ecosystem of third-party mods, launchers, and custom clients creates an attractive environment for attackers looking to distribute malware disguised as popular community tools.
According to McAfee, WeedHack operators actively target users searching for popular Minecraft mods and clients. Attackers upload tutorial and showcase videos on YouTube, often linking to fake download sites that closely resemble legitimate project pages. Some of the videos identified by researchers had already attracted thousands of views.
McAfee
What sets WeedHack apart from many malware operations is its accessibility. Traditional malware subscription services often cost hundreds of dollars per month and are primarily sold through underground cybercrime forums. WeedHack, by contrast, offers a free tier and premium plans starting at $5 per month, significantly lowering the barrier to entry for would-be attackers.
McAfee
McAfee also discovered a web-based management dashboard that allows customers to monitor infections, access stolen data, and track campaign statistics. The platform includes tutorials covering malware distribution techniques, operational security guidance, and other resources designed to help users maximize infections.
Researchers observed that the malware has been used not only for credential theft and account hijacking but also, in some cases, to harass victims through its remote-access features. However, McAfee notes that the primary driver behind the campaign's growth appears to be the theft of Minecraft accounts and other valuable credentials.
McAfee
McAfee reports that WeedHack infections are most prevalent in the United States, followed by Germany, India, the United Kingdom, Italy, and several other countries.
Users are advised to download Minecraft mods only from official project websites and trusted repositories, avoid files promoted through suspicious YouTube channels, and treat any site that recommends disabling security software as a major warning sign.
Leave a Reply