TechOptima Ignite
TechOptima Solutions (636) 777-7702

WeedHack Malware-as-a-Service

June 9, 2026

Teens use cheap “WeedHack” Minecraft-mod malware to spy on and attack peers.

McAfee Labs discovered WeedHack, a malware-as-a-service campaign that has infected more than 116,000 victims since January 2026 at a rate of 2,000–3,000 new infections per day. It is distributed as free Minecraft mods and clients (Meteor, Radium, Wurst, LiquidBounce, Impact, Future, etc.).

A free tier steals Minecraft session IDs, browser passwords and cookies from 36 browsers, Discord/Steam/Telegram credentials, crypto wallets, screenshots, and system information. A $5/month premium tier adds live webcam access, screen sharing with keyboard/mouse control, keylogging, reverse shell, and remote file management. The service runs a polished public dashboard and originally used a Telegram channel with 850+ members.

Infection is multi-stage: the dropper phones home via an Ethereum-based C2 locator, disables Windows Defender, steals data, installs persistence via scheduled tasks, and (for premium users) deploys full remote-access tools. Distribution relies on fake YouTube videos and SEO-poisoned mod websites.

Many customers appear to be teenagers who use the tools primarily for harassment and bullying—recording webcams without consent and sharing the videos as trophies—rather than pure financial crime. McAfee advises victims contacted by attackers to tell a trusted adult and contact law enforcement rather than engage.

Tags: SECURITY | MALWARE

Source: sn-1082-notes.pdf

← Back to Blog