McAfee exposed WeedHack, a booming malware-as-a-service ripping off kids hunting free cheat clients. It steals accounts instantly and sells live screen and webcam access for pocket money while racking up 2000 to 3000 new victims daily.
The Minecraft modding and cheating scene has a massive problem and it is not going away. McAfee Labs just dropped numbers that should make every player using third-party clients pause: more than 116000 compromised systems and growing by 2000 to 3000 infections a day.
WeedHack spreads through fake websites, cloned GitHub repos, poisoned Google results, and YouTube tutorials pushing downloads for names like Meteor Client, Wurst, Aristois, LiquidBounce, Impact, and similar utility mods. Because many of these projects live on file hosts instead of locked-down official platforms, impersonation is trivial.
What the malware actually does
- Free tier acts as an infostealer grabbing Minecraft session IDs, browser cookies, Discord tokens, Steam credentials and saved passwords
- Paid tier runs about five dollars a month and gives buyers a clean web dashboard for live screen viewing, webcam access, keylogging, and remote file theft
- Over 3820 unique malicious JAR files and 240 distribution URLs tracked so far
- Targets teens and younger players who just want an edge in multiplayer or hypixel
Researchers noted the operators made it ridiculously easy to buy access. No dark web required, just a Discord account and five bucks. Some of the activity appears tied to cyberbullying within the Minecraft community, turning compromised machines into tools for griefing.
How to not become a statistic
- Only download from verified platforms like Modrinth or CurseForge official pages
- Never trust random YouTube download links or Google ads for clients
- If you ran anything suspicious recently, revoke all Minecraft sessions from a clean device, change passwords, and scan thoroughly
- Treat every unsigned JAR like it is radioactive because right now many of them are
The report comes at a time when Minecrafts multiplayer scene remains one of the most active corners of gaming. Servers, SMPs, and anarchy communities all run on trust that these third-party tools are safe. That trust is shredded.
WeedHack targets Minecraft clients and mods without an official website that are hosted exclusively on file hosting websites like GitHub and specifically select mods with unique names, so it is easier to dominate search engine results.
This is not some one-off virus. It is an industrialized operation with a subscription model aimed directly at the exact demographic that lives in Minecraft. If you play on any competitive or modded server, the odds are higher than you think that someone in your circle has already been hit.
