A cheap remote access tool lets anyone spy on webcams, screens, and files after victims download fake mods from YouTube. Fresh creator coverage this week shows the campaign remains active two weeks after the initial exposé.
Minecraft players looking for mods or updated clients are walking into one of the most successful malware campaigns in recent memory. Security firm McAfee named it WeedHack and traced it back to January. The numbers are ugly: more than 116,000 compromised systems and thousands of new infections per day.
The attack chain is simple and effective. YouTube channels post videos promising must-have mods or performance clients for recent Minecraft versions. Descriptions and pinned comments direct users to file-hosting sites loaded with trojanized JAR files. Once run, the malware drops a remote access trojan that lets the operator view the victim’s screen, webcam, files, and more through a public dashboard.
How Easy It Is To Get Hit
WeedHack specifically targets popular but unofficial mods that lack official pages on CurseForge or Modrinth. Creators of the malicious videos use SEO poisoning so their links rank above legitimate ones. The malware-as-a-service (MaaS) dashboard even lets low-skill attackers inject the payload into real mods, making the fakes harder to spot at first glance.
McAfee documented over 3,820 unique malicious JAR files and 240 distribution URLs. The campaign does not exploit a bug in Minecraft itself. It exploits the trust players have in community content creators and the habit of clicking the first Google or YouTube result.
- Payloads work on Minecraft 1.21.0 through 1.21.11
- Dashboard shows live infection stats and leaderboards
- Operators can remotely control webcams and disable defenses
- Many victims are teens downloading mods for the latest drop
What You Should Do Instead
Stick to well-known mod hosting platforms with review systems. Enable two-factor authentication on your Microsoft account. Run downloads through VirusTotal before executing them. If a video promises an exclusive client or mod that sounds too good to be true, it almost certainly is. The legitimate modding community has spent years building safe distribution channels for a reason.
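One way to check a downloaded JAR before running it, as an added example that is not from McAfee or the original article: the Python below computes the file's SHA-256, builds the VirusTotal report URL for that hash, and lists what the archive contains without executing anything. The function names, the list of mod-loader metadata files, and the sample JAR are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

# VirusTotal's public report page is keyed by the file's SHA-256.
VT_FILE_URL = "https://www.virustotal.com/gui/file/{}"
# Metadata files used by common mod loaders (Fabric, Forge, NeoForge).
MOD_METADATA = ("fabric.mod.json", "META-INF/mods.toml", "META-INF/neoforge.mods.toml")


def triage_jar(data: bytes) -> dict:
    """Fingerprint a JAR and list its contents. Nothing in it is executed."""
    sha256 = hashlib.sha256(data).hexdigest()
    report = {
        "sha256": sha256,
        "lookup_url": VT_FILE_URL.format(sha256),
        "valid_zip": False,
        "mod_metadata": [],
        "nested_jars": [],
        "class_count": 0,
    }
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return report  # a ".jar" that is not a ZIP archive is not a real JAR
    report["valid_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for name in jar.namelist():
            if name in MOD_METADATA:
                report["mod_metadata"].append(name)
            elif name.endswith(".jar"):
                report["nested_jars"].append(name)
            elif name.endswith(".class"):
                report["class_count"] += 1
    return report


def build_sample_jar() -> bytes:
    """Constructed, harmless stand-in for a downloaded mod file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("fabric.mod.json", '{"id": "example_mod"}')
        jar.writestr("com/example/ExampleMod.class", b"\xca\xfe\xba\xbe")
        jar.writestr("META-INF/jars/bundled-lib.jar", b"")
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in triage_jar(build_sample_jar()).items():
        print(f"{key}: {value}")
```

For a real download, pass the file's bytes to `triage_jar` and open `lookup_url` in a browser to see whether that exact file is already known. A missing or clean report does not prove the file is safe.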
Atozy’s recent video pulls no punches on the scale. With fresh attention on the campaign this week, expect more creators to amplify the warning. The Minecraft community has survived plenty of scams before. This one just happens to come with a side of webcam access.