If you are a Minecraft player, then we advise you to be a little careful. Why? Because the Minecraft players are being targeted by a new malware campaign that security researchers say is spreading via fake game mods, cheat clients and downloadable tools promoted online. As per the report by McAfee, the malware, known as WeedHack, has already generated over 116,000 detections and continues to infect thousands of systems every day.
The researchers, as per the report, found that the malware is being circulated via YouTube videos, fake download pages and manipulated search results that impersonate popular Minecraft modification tools. Users searching for third party clients and game enhancements are being tricked into downloading infected files disguised as legit software.
The report also stated that WeedHack is being sold as a malware-as-a-service offering on the open internet, allowing even inexperienced users to launch attacks. The subscription plans reportedly start at $5 per month, while a free version is also available with limited capabilities.
The malware is designed to steal sensitive information from infected devices. As per the report, it can collect browser cookies, passwords, screenshots, system details and login credentials linked to services such as Discord, Steam and Telegram. It can also target cryptocurrency wallets and capture authentication data from multiple web browsers.
The paid version reportedly expands these capabilities by offering remote access to victims’ computers. The features include webcam monitoring, keystroke recording, file management, screen sharing and remote command execution, giving attackers control over compromised systems.
Also read: Apple mocks Google Chrome’s privacy practices in latest ad campaign: Watch here
Investigators also stated that a Telegram community linked to the malware has hundreds of members. Discussions within the group suggested that many users were young individuals using the tool to harass, spy on or intimidate other gamers.
The report identified several well-known Minecraft clients that are being impersonated by attackers, including Meteor Client, Wurst Client, LiquidBounce and Impact Client. Since some of these projects rely on community-hosted downloads rather than official websites, cybercriminals are able to exploit search rankings and create convincing fake download portals.
Security experts are advising Minecraft players to download mods only from trusted sources, verify website authenticity before installing files and use reputable antivirus software. The report also highlights a growing trend where sophisticated cybercrime tools are becoming cheaper and easier to access, lowering the barrier for potential attackers.