Notebookcheck Logo

McAfee researchers warn over 100,000 Minecraft players infected by malware

A screengrab of the WeedHack malware as a service dashboard with pricing information
ⓘ McAfee
A screengrab of the WeedHack malware as a service dashboard with pricing information
McAfee researchers say a Malware-as-a-Service operation called WeedHack has infected more than 116,000 Minecraft players worldwide through fake mods, clients, and utility tools promoted via malicious links and YouTube SEO poisoning.
Hack / Data Breach Gaming Game Releases Fail Security Social Media

Minecraft is known for its extensive modding community and third-party mod support, which has always attracted players to innovate and create new quality-of-life and visually impressive mods. However, some online sleuths and hackers have taken this opportunity to infect Minecraft players’ systems with malware.

Currently, a Malware-as-a-Service operation is threatening the Minecraft community, as researchers at McAfee Labs have discovered. This service, called WeedHack, has been discreetly affecting gamers' systems since January 2026 by injecting code into fake Minecraft mods, clients, and utility tools. The number of infected users is staggering.

McAfee’s telemetry shows that the WeedHack Malware-as-a-Service campaign has logged over 100,000 (specifically, 116,464) infected systems worldwide, with an average of 2,000 to 3,000 systems infected each day.

McAfee researcher Aayush Tyagi laid out his findings in an official blog post, stating:

“We’ve discovered over 3,820 unique malicious JAR files that are part of this attack and over 240 URLs responsible for distributing this malware. This campaign utilizes SEO poisoning on YouTube to generate traffic to these malicious URLs. We also found two YouTube channels and multiple videos that demonstrate Minecraft mods and clients and redirect viewers to these URLs.”

McAfee researchers infiltrated associated WeedHack Telegram channels and reported that “WeedHack malware is a major catalyst for cyberbullying. Many of its customers appear to be teenagers and young adults and are using remote access capabilities to threaten, harass, and monitor their victims, who are around the same age.”

The WeedHack MaaS doesn’t require advanced technical skills. It’s openly sold on the internet with a free tier and premium tiers starting from just $5 per month or a $24.99 lifetime purchase.

WeedHack primarily steals Minecraft session IDs via multiple launchers, browser passwords, cookies across browsers, Discord and Steam credentials, cryptocurrency wallet data, system information, and screenshots. It also goes so far as to disable Windows Defender services using a technique called EtherHiding.

WeedHack Premium takes things a step further, allowing hackers to obtain live webcam access, monitor and control keyboard and mouse inputs, log keystrokes, access command lines, and upload or download data.

The best way users can protect themselves from malicious mods infected with WeedHack is simple: only download mods approved on NexusMods, CurseForge, Modrinth, or other community-trusted clients.

Buy Minecraft on the Nintendo Switch on Amazon

Google LogoAdd as a preferred source on Google
Mail Logo

No comments for this article

Got questions or something to add to our article? Even without registering you can post in the comments!
No comments for this article / reply

static version load dynamic
Loading Comments
Comment on this article

Related Articles

> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2026 06 > McAfee researchers warn over 100,000 Minecraft players infected by malware
Rahim Amir Noorali, 2026-06- 8 (Update: 2026-06- 8)