A large malware campaign has infected more than 116,000 computers by tricking Minecraft players into downloading booby-trapped mods, cheat clients, and utilities. McAfee says the WeedHack operation has been active since January 2026, spreads via YouTube links and search-result manipulation, and uses thousands of malicious Java archive (JAR) files. The malware steals browser passwords and cookies, Minecraft session IDs, Discord, Steam and Telegram credentials, and crypto-wallet data, while paid tiers add remote-control features such as keylogging, webcam access, shell access, and file management.
Why it matters: This is a broad consumer-focused infostealer campaign hitting gamers at scale, with stolen passwords, session tokens, and wallet data creating immediate account-takeover and financial risk. Minecraft players and parents should avoid unofficial mod download sites, remove suspicious JAR files, run antivirus scans, and reset passwords for any accounts used on affected devices.
Bill Toulas
2026.06.02
100% relevant
This article establishes a distinct new malware campaign centered on Minecraft-themed lures, with named actor infrastructure, infection scale, and specific steal-and-remote-access capabilities.
Bill Toulas
2026.06.02
99% relevant
This article is a direct report on the same WeedHack campaign, adding McAfee telemetry, distribution methods via YouTube and SEO poisoning, the malware-as-a-service dashboard details, and the free and premium feature sets used to steal credentials and remotely control victims' systems.
← Back to all stories