Fake Minecraft Mods Infect 116K Systems With WeedHack Malware
June 3, 2026
Minecraft has solidified its position in the gaming world for over a decade, largely due to the vast array of mods that enhance gameplay. However, this thriving modding community has recently become a target for malicious actors. A new report from security firm McAfee reveals a malware campaign named WeedHack, which has already impacted more than 116,000 players since its inception earlier this year.
When gamers seek out mods, they often turn to search engines to discover options that pique their interest. Cybercriminals are exploiting this behavior through a tactic known as SEO poisoning. They specifically target mods hosted on GitHub, creating deceptive web pages that mimic the official sites for these mods. Notable projects affected include Meteor Client, Radium Client, Wurst Client, Aristois, LiquidBounce, and Impact Client.
Image by McAfee
YouTube serves as another popular platform for players to find enticing mods, and attackers are capitalizing on this avenue as well. By producing polished videos that appear legitimate—eschewing AI-generated content—these attackers create a false sense of trust among viewers. The comments section often contains guidance for installing the malware, while the video descriptions link to sites controlled by the attackers.
Malicious actors have established two tiers for their operations: a free tier and a premium tier. The free tier allows them to steal cookies and passwords from web browsers, target both browser-based and desktop app crypto wallets, capture screenshots, and extract credentials from platforms like Discord, Telegram, and Steam. For a monthly fee starting at , attackers gain access to more sophisticated capabilities, including webcam control, keylogging, and reverse shell execution.
The availability of such powerful malware at little to no cost is alarming, lowering the barrier to entry and making it accessible to a broader range of attackers. As a result, Minecraft users are urged to exercise caution when searching for and installing mods to protect themselves from potential threats.
Fake Minecraft Mods Infect 116K Systems With WeedHack Malware
Minecraft has solidified its position in the gaming world for over a decade, largely due to the vast array of mods that enhance gameplay. However, this thriving modding community has recently become a target for malicious actors. A new report from security firm McAfee reveals a malware campaign named WeedHack, which has already impacted more than 116,000 players since its inception earlier this year.
When gamers seek out mods, they often turn to search engines to discover options that pique their interest. Cybercriminals are exploiting this behavior through a tactic known as SEO poisoning. They specifically target mods hosted on GitHub, creating deceptive web pages that mimic the official sites for these mods. Notable projects affected include Meteor Client, Radium Client, Wurst Client, Aristois, LiquidBounce, and Impact Client.
YouTube serves as another popular platform for players to find enticing mods, and attackers are capitalizing on this avenue as well. By producing polished videos that appear legitimate—eschewing AI-generated content—these attackers create a false sense of trust among viewers. The comments section often contains guidance for installing the malware, while the video descriptions link to sites controlled by the attackers.
Malicious actors have established two tiers for their operations: a free tier and a premium tier. The free tier allows them to steal cookies and passwords from web browsers, target both browser-based and desktop app crypto wallets, capture screenshots, and extract credentials from platforms like Discord, Telegram, and Steam. For a monthly fee starting at , attackers gain access to more sophisticated capabilities, including webcam control, keylogging, and reverse shell execution.
The availability of such powerful malware at little to no cost is alarming, lowering the barrier to entry and making it accessible to a broader range of attackers. As a result, Minecraft users are urged to exercise caution when searching for and installing mods to protect themselves from potential threats.