
Dangerous Malware "WeedHack" Hides in Minecraft Mods, Gives Attackers Webcam Access and More

Published June 19th, 2026 by Bayonseo

Since January 2026, a major, continuous Malware-as-a-Service (MaaS) campaign known as "WeedHack" has targeted Minecraft users, infecting over 116,000 systems and adding 2,000 to 3,000 new victims every day. This sophisticated software gives attackers remote control over victims' computers, including camera access, screen viewing, file stealing, and keyboard logging, while posing as trustworthy game mods, clients, and cheats.


A Perfect Storm: Minecraft's Popularity Meets Malware-as-a-Service

With more than 350 million copies sold, Minecraft is the best-selling video game ever. It boasts a robust ecosystem of third-party mods and unique launchers. A negative aspect of this enormous popularity is that cybercriminals use gamers' desire for free mods and cheats to spread malware. With tiered pricing, a customer dashboard, and even voting, WeedHack operates like a legitimate online business, taking this to an industrial level.

The campaign spreads malicious .jar files through YouTube videos and SEO-poisoned search results. Attackers produce professional, voice-overed tutorials that showcase Minecraft mods and hide the malicious download URLs in the video descriptions or comments. A few videos have received more than 7,500 views.


WeedHack's Devastating Capabilities

There are two versions of WeedHack available: a free version and a **premium subscription that starts at just $5 per month** (lifetime access is available for $24.99).

Free Tier (Comprehensive Information Stealer):

  • Steals Minecraft session IDs, targeting four well-known launchers
  • Collects passwords and cookies from 36 distinct browsers
  • Steals credentials for 56 browser-based and 12 desktop cryptocurrency wallets
  • Gathers login credentials for Telegram, Steam, and Discord
  • Searches for files using 24 preset keywords and takes screenshots

Premium Tier (Full Remote Access):

  • Webcam access: attackers can use victims' webcams to spy on them
  • Keylogging: records everything typed, including passwords
  • Reverse shell: complete command-line access to the victim's PC
  • Screen sharing with keyboard and mouse control
  • File management: freely upload and download files


How Attackers Operate

WeedHack's operators built an enterprise-grade web dashboard where customers can access stolen data, track infections, and manage their attacks. To prevent security researchers from taking over the network, the malware uses EtherHiding, a mechanism that retrieves command-and-control (C2) domains from the Ethereum blockchain with RSA-signed responses. It also establishes persistence on boot, disables Windows Defender, and gathers a large amount of system data.


A Disturbing Twist: Cyberbullying and Teens

The demographics of WeedHack's users may be the most concerning discovery. McAfee researchers monitoring the campaign's Telegram channel, which had more than 850 members, found that a large number of its customers appeared to be teenagers and young adults. Rather than seeking financial gain, they use the remote access capabilities, especially webcam surveillance, to harass, threaten, and degrade their peers. They frequently record and distribute videos of their victims.


How to Protect Yourself from WeedHack and Similar Threats

For parents and Minecraft players:

  • Mods should only be downloaded from legitimate sources, such as CurseForge or the official Minecraft launcher; do not download them from random file-hosting websites or YouTube descriptions.
  • Cheats and free mods that seem "too good to be true" should be avoided since they frequently include viruses.
  • WeedHack tries to disable Windows Defender and antivirus software, but a proactive approach can identify and stop the infection.
  • Keep an eye on the webcam indicator light; if your camera suddenly turns on, you may be at risk.
  • Inform younger players about the risks associated with obtaining files from unreliable sources.
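
Because the malware is reported to disable Windows Defender and to persist across reboots, a quick read-only check of both is a useful first triage step on a PC where an untrusted mod was run. The script below is an added example, not taken from the research this article summarizes. The article does not describe how persistence is implemented, so matching autostart entries that launch Java or a .jar file is an assumption based on the payload being a .jar.

```powershell
# Added triage example. Read-only: it changes nothing on the system.
# Run in an elevated PowerShell session on Windows 10/11.
$status   = Get-MpComputerStatus
$pref     = Get-MpPreference
$findings = @()

# 1. Has Microsoft Defender been switched off or weakened?
foreach ($flag in 'AMServiceEnabled', 'AntivirusEnabled', 'RealTimeProtectionEnabled',
                  'BehaviorMonitorEnabled', 'IsTamperProtected') {
    if (-not $status.$flag) { $findings += "Defender: $flag is False" }
}
if ($pref.DisableRealtimeMonitoring) { $findings += 'Defender: DisableRealtimeMonitoring is set' }

# Exclusions can blind Defender without turning it off, so list every one.
foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
    foreach ($item in @($pref.$kind)) {
        if ($item) { $findings += "Defender: $kind contains '$item'" }
    }
}

# Policy value that turns Defender off machine-wide.
$policy = Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
if ($policy.DisableAntiSpyware -eq 1) { $findings += 'Defender: DisableAntiSpyware policy = 1' }

# 2. Boot/logon persistence that launches Java or a .jar file.
# Assumption: the pattern is a heuristic, not an indicator published for WeedHack.
$pattern = 'javaw?\.exe|\.jar\b'
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -notlike 'PS*' -and "$($p.Value)" -match $pattern) {
            $findings += "Autostart ($key): $($p.Name) -> $($p.Value)"
        }
    }
}
foreach ($task in Get-ScheduledTask) {
    foreach ($a in $task.Actions) {
        $cmd = "$($a.Execute) $($a.Arguments)"
        if ($cmd -match $pattern) { $findings += "Scheduled task: $($task.TaskPath)$($task.TaskName) -> $cmd" }
    }
}

if ($findings) { $findings } else { 'No Defender tampering or Java autostart entries found.' }
```

Each line of output is a lead to review rather than proof of infection, since legitimate Java software also registers autostart entries.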


How Bayon Technologies Group Can Help

At Bayon Technologies Group, we understand that threats like WeedHack target not just corporate networks but also home users and families. We help both individuals and organizations stay safe:

  • Endpoint Protection & Monitoring: We deploy advanced security solutions that detect and block malware like WeedHack before it can disable your defenses.
  • Security Awareness Training: We educate your team – including younger family members – on recognizing social engineering tactics used to distribute malware.
  • Parental Controls & Safe Browsing: We help families implement safe browsing practices and restrict downloads from high‑risk sources.
  • Incident Response: If a compromise occurs, we can help identify the breach, contain the damage, and restore your systems.

Don't let a free Minecraft mod turn into a full‑system compromise. Contact Bayon Technologies Group today to build a layered defense for your home and business.


