WeedHack YouTube and SEO poisoning campaign targeting Minecraft players
Campaign
Summary
Hide ▲
Show ▼
WeedHack is a Minecraft-focused malware-as-a-service (MaaS) campaign that uses YouTube and SEO poisoning to push malicious mods, clients, cheats, and utilities. McAfee Labs says the activity has been active since January 2026 and has identified 3,820 unique malicious JAR files and over 240 URLs used to distribute the malware. The campaign’s clear-net dashboard at weedhack[.]to exposes stolen credentials and system information, and supports custom payloads for Minecraft versions 1.21.0 to 1.21.11. Victims are concentrated in the United States, Germany, India, the UK, Italy, Vietnam, Canada, Norway, Sweden, Finland, and Spain, while the tooling includes both free infostealer features and paid remote-access capabilities.
Related Happenings
Y2K Operators Millenium RAT social-engineering distribution campaign
Campaign
H score73
First: 29.06.2026 17:30
Last: 29.06.2026 17:30
Sources 1
About this happening:
The Y2K Operators are running a social-engineering distribution campaign that spreads Millenium RAT through booby-trapped downloads, exposing users to remote compr...
Y2K Operators Millenium RAT social-engineering distribution campaign
CampaignAbout this happening: The Y2K Operators are running a social-engineering distribution campaign that spreads Millenium RAT through booby-trapped downloads, exposing users to remote compr...
WeedHack Minecraft MaaS campaign expands with malicious JARs and remote access
Malware Activity
H score65
First: 03.06.2026 00:54
Last: 03.06.2026 00:54
Sources 1
How related:
WeedHack works as a malware-as-a-service (MaaS) infostealer operation that offers a dashboard for customers to see stolen credentials and information on compromised systems.
About this happening:
WeedHack is a Minecraft-focused malware-as-a-service operation that has been active since January 2026 and uses SEO poisoning and YouTube to push malicious dow...
WeedHack Minecraft MaaS campaign expands with malicious JARs and remote access
Malware ActivityHow related: WeedHack works as a malware-as-a-service (MaaS) infostealer operation that offers a dashboard for customers to see stolen credentials and information on compromised systems.
About this happening: WeedHack is a Minecraft-focused malware-as-a-service operation that has been active since January 2026 and uses SEO poisoning and YouTube to push malicious dow...
GreyVibe custom malware activity with LegionRelay, PhantomRelay, and FallSpy
Malware Activity
H score41
First: 29.05.2026 01:24
Last: 29.05.2026 01:24
Sources 1
About this happening:
GREYVIBE is a Russian-speaking malware activity targeting Ukraine and Ukraine-related entities since at least August 2025. The group uses spear-phishing e-mails*...
GreyVibe custom malware activity with LegionRelay, PhantomRelay, and FallSpy
Malware ActivityAbout this happening: GREYVIBE is a Russian-speaking malware activity targeting Ukraine and Ukraine-related entities since at least August 2025. The group uses spear-phishing e-mails*...
JINX-0164 cryptocurrency recruitment-lure campaign
Campaign
H score39
First: 28.05.2026 10:54
Last: 28.05.2026 10:54
Sources 1
About this happening:
A JINX-0164 campaign is targeting cryptocurrency firms and developers with LinkedIn recruiter lures, a fake meeting-and-fix workflow, and macOS malware to steal cr...
JINX-0164 cryptocurrency recruitment-lure campaign
CampaignAbout this happening: A JINX-0164 campaign is targeting cryptocurrency firms and developers with LinkedIn recruiter lures, a fake meeting-and-fix workflow, and macOS malware to steal cr...
Silver Fox tax-themed phishing campaign delivering ABCDoor and ValleyRAT
Campaign
H score36
First: 04.05.2026 14:57
Last: 04.05.2026 14:57
Sources 1
About this happening:
Silver Fox is running a tax-themed phishing campaign that now targets India with Income Tax Department lures and delivers ValleyRAT (aka Winos 4.0). The campai...
Silver Fox tax-themed phishing campaign delivering ABCDoor and ValleyRAT
CampaignAbout this happening: Silver Fox is running a tax-themed phishing campaign that now targets India with Income Tax Department lures and delivers ValleyRAT (aka Winos 4.0). The campai...
Timeline
-
03.06.2026 00:54 4 articles · 1mo ago
WeedHack campaign targets Minecraft players through YouTube and SEO poisoning
Initial DisclosureWeedHack, a malware-as-a-service infostealer targeting Minecraft players, spreads through malicious mods, clients, cheats, and utilities promoted on YouTube and via SEO poisoning. McAfee telemetry says the campaign has impacted 116,464 systems since January, with victims concentrated in the United States, Germany, India, and the UK. The platform operates as a clear-net dashboard for stolen credentials and infected-system data and includes both a free tier and a paid tier with remote-control and other access features.
Show sources
- Over 116,000 Mincraft systems infected in WeedHack malware campaign — www.bleepingcomputer.com — 03.06.2026 00:54
- Over 116,000 Mincraft systems infected in WeedHack malware campaign — www.bleepingcomputer.com — 03.06.2026 00:54
- Over 116,000 Minecraft systems infected in WeedHack malware campaign — www.bleepingcomputer.com — 03.06.2026 00:54
- Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content — thehackernews.com — 03.06.2026 09:16