Find notable cyber news and cases, enriched with sources, timelines, and signals.

WeedHack YouTube and SEO poisoning campaign targeting Minecraft players

Campaign
First reported
Last updated
Happening score
H score 73
2 unique sources, 3 articles

Summary

Hide ▲

WeedHack is a Minecraft-focused malware-as-a-service (MaaS) campaign that uses YouTube and SEO poisoning to push malicious mods, clients, cheats, and utilities. McAfee Labs says the activity has been active since January 2026 and has identified 3,820 unique malicious JAR files and over 240 URLs used to distribute the malware. The campaign’s clear-net dashboard at weedhack[.]to exposes stolen credentials and system information, and supports custom payloads for Minecraft versions 1.21.0 to 1.21.11. Victims are concentrated in the United States, Germany, India, the UK, Italy, Vietnam, Canada, Norway, Sweden, Finland, and Spain, while the tooling includes both free infostealer features and paid remote-access capabilities.

Related Happenings

Y2K Operators Millenium RAT social-engineering distribution campaign

Campaign
H score73 First: 29.06.2026 17:30 Last: 29.06.2026 17:30 Sources 1

About this happening: The Y2K Operators are running a social-engineering distribution campaign that spreads Millenium RAT through booby-trapped downloads, exposing users to remote compr...

WeedHack Minecraft MaaS campaign expands with malicious JARs and remote access

Malware Activity
H score65 First: 03.06.2026 00:54 Last: 03.06.2026 00:54 Sources 1

How related: WeedHack works as a malware-as-a-service (MaaS) infostealer operation that offers a dashboard for customers to see stolen credentials and information on compromised systems.

About this happening: WeedHack is a Minecraft-focused malware-as-a-service operation that has been active since January 2026 and uses SEO poisoning and YouTube to push malicious dow...

GreyVibe custom malware activity with LegionRelay, PhantomRelay, and FallSpy

Malware Activity
H score41 First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: GREYVIBE is a Russian-speaking malware activity targeting Ukraine and Ukraine-related entities since at least August 2025. The group uses spear-phishing e-mails*...

JINX-0164 cryptocurrency recruitment-lure campaign

Campaign
H score39 First: 28.05.2026 10:54 Last: 28.05.2026 10:54 Sources 1

About this happening: A JINX-0164 campaign is targeting cryptocurrency firms and developers with LinkedIn recruiter lures, a fake meeting-and-fix workflow, and macOS malware to steal cr...

Silver Fox tax-themed phishing campaign delivering ABCDoor and ValleyRAT

Campaign
H score36 First: 04.05.2026 14:57 Last: 04.05.2026 14:57 Sources 1

About this happening: Silver Fox is running a tax-themed phishing campaign that now targets India with Income Tax Department lures and delivers ValleyRAT (aka Winos 4.0). The campai...

Timeline

  1. 03.06.2026 00:54 4 articles · 1mo ago

    WeedHack campaign targets Minecraft players through YouTube and SEO poisoning

    Initial Disclosure

    WeedHack, a malware-as-a-service infostealer targeting Minecraft players, spreads through malicious mods, clients, cheats, and utilities promoted on YouTube and via SEO poisoning. McAfee telemetry says the campaign has impacted 116,464 systems since January, with victims concentrated in the United States, Germany, India, and the UK. The platform operates as a clear-net dashboard for stolen credentials and infected-system data and includes both a free tier and a paid tier with remote-control and other access features.

    Show sources