WeedHack infostealer operation targeting Minecraft players
Malware Activity
Summary
Hide ▲
Show ▼
The WeedHack malware operation is infecting Minecraft players at scale, with telemetry showing 116,464 systems impacted since January. It spreads through malicious mods, clients, cheats, and utilities promoted on YouTube and through SEO poisoning. The platform steals browser, wallet, and chat credentials and adds remote access features for paying users, raising account-takeover and harassment risk.
Related Happenings
WeedHack YouTube and SEO poisoning campaign targeting Minecraft players
Campaign
First: 03.06.2026 00:54
Last: 03.06.2026 00:54
Sources 1
How related:
McAfee researchers say that the WeedHack campaign reaches victims mainly through YouTube videos showcasing Minecraft-related tools and SEO poisoning promoting them.
About this happening:
**WeedHack** is spreading malicious Minecraft tools through **YouTube descriptions/comments** and **SEO poisoning**, widening access to an infostealer operation that has already r...
WeedHack YouTube and SEO poisoning campaign targeting Minecraft players
CampaignHow related: McAfee researchers say that the WeedHack campaign reaches victims mainly through YouTube videos showcasing Minecraft-related tools and SEO poisoning promoting them.
About this happening: **WeedHack** is spreading malicious Minecraft tools through **YouTube descriptions/comments** and **SEO poisoning**, widening access to an infostealer operation that has already r...
YouTube Ghost Network malware distribution campaign
Campaign
First: 24.10.2025 13:00
Last: 24.10.2025 13:00
Sources 1
About this happening:
The **YouTube Ghost Network** is an active **malware distribution campaign** that uses **compromised YouTube accounts** to push malicious downloads and loaders. In the latest upda...
YouTube Ghost Network malware distribution campaign
CampaignAbout this happening: The **YouTube Ghost Network** is an active **malware distribution campaign** that uses **compromised YouTube accounts** to push malicious downloads and loaders. In the latest upda...
Latest development: 19.12.2025 17:34
Check Point identified GachiLoader in the YouTube Ghost Network, where compromised YouTube accounts distributed a heavily obfuscated Node.js loader that sometimes delivered Rhadamanthys or a Kidkadi stage while attempting Defender evasion and PE injection.
ClayRat Telegram phishing distribution campaign targeting Android users in Russia
Campaign
First: 09.10.2025 18:30
Last: 09.10.2025 18:30
Sources 1
About this happening:
The **ClayRat** campaign is an active **Android spyware** operation that now includes a newer iteration with expanded **surveillance** and **device-control** features. Researchers...
ClayRat Telegram phishing distribution campaign targeting Android users in Russia
CampaignAbout this happening: The **ClayRat** campaign is an active **Android spyware** operation that now includes a newer iteration with expanded **surveillance** and **device-control** features. Researchers...
Timeline
-
03.06.2026 00:54 2 articles · 1h ago
WeedHack malware campaign infects 116,464 Minecraft systems
Initial DisclosureMcAfee says the WeedHack MaaS infostealer is targeting Minecraft players through malicious mods, clients, cheats, and utilities spread via YouTube videos and SEO poisoning, with telemetry showing 116,464 impacted systems since January and victims concentrated in the United States, Germany, India, and the UK.
Show sources
- Over 116,000 Mincraft systems infected in WeedHack malware campaign — www.bleepingcomputer.com — 03.06.2026 00:54
- Over 116,000 Mincraft systems infected in WeedHack malware campaign — www.bleepingcomputer.com — 03.06.2026 00:54