Find notable cyber news and cases, enriched with sources, timelines, and signals.

WeedHack Minecraft MaaS campaign expands with malicious JARs and remote access

Malware Activity
First reported
Last updated
Happening score
H score 65
2 unique sources, 3 articles

Summary

Hide ▲

WeedHack is a Minecraft-focused malware-as-a-service operation that has been active since January 2026 and uses SEO poisoning and YouTube to push malicious downloads that infect users. McAfee Labs says the campaign impersonates Minecraft clients and mods, has identified 3820 unique malicious JAR files and over 240 URLs, and uses weedhack[.]to to expose stolen data and manage compromised systems. The platform targets Minecraft versions 1.21.0 to 1.21.11, steals credentials and system information, and offers paid remote-access features including webcam access, keylogging, reverse shell execution, and screen sharing. Most infections are in the U.S., followed by Germany, India, the U.K., Italy, Vietnam, Canada, Norway, Sweden, Finland, and Spain.

Related Happenings

WeedHack YouTube and SEO poisoning campaign targeting Minecraft players

Campaign
H score73 First: 03.06.2026 00:54 Last: 03.06.2026 00:54 Sources 1

How related: the WeedHack campaign reaches victims mainly through YouTube videos showcasing Minecraft-related tools and SEO poisoning promoting them.

About this happening: WeedHack is a Minecraft-focused malware-as-a-service (MaaS) campaign that uses YouTube and SEO poisoning to push malicious mods, clients, cheats, and utilities...

GreyVibe custom malware activity with LegionRelay, PhantomRelay, and FallSpy

Malware Activity
H score41 First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: GREYVIBE is a Russian-speaking malware activity targeting Ukraine and Ukraine-related entities since at least August 2025. The group uses spear-phishing e-mails*...

SHub Reaper macOS infostealer variant

Malware Activity
H score23 First: 19.05.2026 00:42 Last: 19.05.2026 00:42 Sources 1

About this happening: The SHub Reaper macOS infostealer now uses AppleScript and a fake Apple security update lure to infect Macs, raising the risk of credential theft and remote access. It...

Gremlin stealer modular toolkit evolution

Malware Activity
H score21 First: 15.05.2026 17:19 Last: 15.05.2026 17:19 Sources 1

About this happening: The Gremlin stealer malware has expanded into a modular toolkit with session-hijacking and crypto clipping capabilities, raising the risk of credential theft and a...

Mirax Android banking trojan with residential proxy nodes

Malware Activity
H score37 First: 13.04.2026 17:30 Last: 13.04.2026 17:30 Sources 1

About this happening: Mirax is spreading across Europe with remote access and residential proxy features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...

Timeline

  1. 03.06.2026 00:54 4 articles · 1mo ago

    WeedHack malware campaign infects 116,464 Minecraft systems

    Initial Disclosure

    McAfee says the WeedHack MaaS infostealer is targeting Minecraft players through malicious mods, clients, cheats, and utilities spread via YouTube videos and SEO poisoning, with telemetry showing 116,464 impacted systems since January and victims concentrated in the United States, Germany, India, and the UK.

    Show sources