WeedHack YouTube and SEO poisoning campaign targeting Minecraft players
Campaign
Summary
Hide ▲
Show ▼
WeedHack is spreading malicious Minecraft tools through YouTube descriptions/comments and SEO poisoning, widening access to an infostealer operation that has already reached 116,464 systems. The campaign uses lures for mods, clients, cheats, and utilities to pull users toward trojanized JAR files and fake download pages. Victims are concentrated in the United States, Germany, India, and the UK, showing the operation's broad international reach. The same platform also gives customers a dashboard for stolen data and remote-access features, increasing the value of each infection.
Related Happenings
WeedHack infostealer operation targeting Minecraft players
Malware Activity
First: 03.06.2026 00:54
Last: 03.06.2026 00:54
Sources 1
How related:
A large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January.
About this happening:
The **WeedHack** malware operation is infecting **Minecraft players** at scale, with telemetry showing **116,464 systems** impacted since **January**. It spreads through **malicio...
WeedHack infostealer operation targeting Minecraft players
Malware ActivityHow related: A large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January.
About this happening: The **WeedHack** malware operation is infecting **Minecraft players** at scale, with telemetry showing **116,464 systems** impacted since **January**. It spreads through **malicio...
YouTube Ghost Network malware distribution campaign
Campaign
First: 24.10.2025 13:00
Last: 24.10.2025 13:00
Sources 1
About this happening:
The **YouTube Ghost Network** is an active **malware distribution campaign** that uses **compromised YouTube accounts** to push malicious downloads and loaders. In the latest upda...
YouTube Ghost Network malware distribution campaign
CampaignAbout this happening: The **YouTube Ghost Network** is an active **malware distribution campaign** that uses **compromised YouTube accounts** to push malicious downloads and loaders. In the latest upda...
Latest development: 19.12.2025 17:34
Check Point identified GachiLoader in the YouTube Ghost Network, where compromised YouTube accounts distributed a heavily obfuscated Node.js loader that sometimes delivered Rhadamanthys or a Kidkadi stage while attempting Defender evasion and PE injection.
ClayRat Telegram phishing distribution campaign targeting Android users in Russia
Campaign
First: 09.10.2025 18:30
Last: 09.10.2025 18:30
Sources 1
About this happening:
The **ClayRat** campaign is an active **Android spyware** operation that now includes a newer iteration with expanded **surveillance** and **device-control** features. Researchers...
ClayRat Telegram phishing distribution campaign targeting Android users in Russia
CampaignAbout this happening: The **ClayRat** campaign is an active **Android spyware** operation that now includes a newer iteration with expanded **surveillance** and **device-control** features. Researchers...
ClayRat Android spyware targeting Russian users
Malware Activity
First: 09.10.2025 15:30
Last: 09.10.2025 15:30
Sources 1
About this happening:
ClayRat is an Android spyware campaign targeting users in Russia through Telegram channels and phishing websites that impersonate popular apps such as WhatsApp, TikTok, Google Pho...
ClayRat Android spyware targeting Russian users
Malware ActivityAbout this happening: ClayRat is an Android spyware campaign targeting users in Russia through Telegram channels and phishing websites that impersonate popular apps such as WhatsApp, TikTok, Google Pho...
Latest development: 09.10.2025 18:30
ClayRat is a rapidly evolving Android spyware campaign targeting users in Russia through Telegram channels and lookalike phishing sites that impersonate WhatsApp, Google Photos, TikTok, and YouTube. The malware can exfiltrate SMS messages, call logs, notifications, and device information, take photos with the front camera, place calls, send SMS messages, request default-SMS access, and propagate by sending malicious links to contacts. Some samples act as droppers with a fake Play Store update screen, and Zimperium says it has identified 600 samples and 50 droppers over the last 90 days.
Timeline
-
03.06.2026 00:54 2 articles · 1h ago
WeedHack campaign targets Minecraft players through YouTube and SEO poisoning
Initial DisclosureWeedHack, a malware-as-a-service infostealer targeting Minecraft players, spreads through malicious mods, clients, cheats, and utilities promoted on YouTube and via SEO poisoning. McAfee telemetry says the campaign has impacted 116,464 systems since January, with victims concentrated in the United States, Germany, India, and the UK. The platform operates as a clear-net dashboard for stolen credentials and infected-system data and includes both a free tier and a paid tier with remote-control and other access features.
Show sources
- Over 116,000 Mincraft systems infected in WeedHack malware campaign — www.bleepingcomputer.com — 03.06.2026 00:54
- Over 116,000 Mincraft systems infected in WeedHack malware campaign — www.bleepingcomputer.com — 03.06.2026 00:54