WeedHack Malware Infects Over 116,000 Minecraft Players Through Fake Mods and Cheats

 

Early this year, a large-scale digital attack named WeedHack began spreading, tricking more than 116,000 Minecraft players worldwide. Instead of harmless add-ons, what seemed like useful mods carried hidden malicious software. Often, victims found these files through deceptive video guides or altered web searches promising better performance. Behind the scenes, once installed, the malware quietly pulled usernames, passwords, and crypto wallets from infected devices. 

Though warnings have been issued, experts confirm the operation is still active – expanding its reach steadily.

Over 116,000 devices now show signs of intrusion by WeedHack, according to McAfee. Between two thousand and three thousand new infections are added each day. The United States, Germany, India, and the United Kingdom account for most affected users. Analysis revealed a network built on over 240 harmful web links. Close to 3,820 distinct JAR files were tied directly to distribution efforts.

YouTube is the main way users encounter these threats, alongside manipulated search results. Harmful links promoting counterfeit Minecraft modifications are hidden in video descriptions or comment sections. Appearances deceive: some productions include polished narration and real-looking game scenes. Large view counts lend them legitimacy and boost their visibility to players seeking add-ons.

Not stopping there, attackers also twist how search results appear. 

When someone looks up reliable software such as Meteor Client or Radium Client, fraudulent pages rise to the front. Because real modifications often live solely on GitHub without an official website, fraudsters take advantage of that gap. Looking nearly identical to authentic sources, these imitation platforms blur the line between secure and risky picks.

Surprisingly, McAfee spotted a harmful website showing alerts about counterfeit Skytils downloads, yet it also included links to authentic GitHub and Discord sources. Even though the layout seemed reliable, visitors were handed corrupted files without their knowledge. Users ended up running malicious software, misled by the site’s convincing appearance.
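
An added example, not from the original article or from McAfee: one way to check a mod download link against the lookalike-site tricks described above, assuming the reader pins the GitHub repositories they trust. The function name `check_mod_url`, the `PINNED_REPOS` set and the owner/repo names are hypothetical placeholders.

```python
from urllib.parse import urlsplit

# Assumption: the reader pins the projects they actually use. These
# owner/repo names are constructed placeholders, not real projects.
PINNED_REPOS = {("example-owner", "example-mod")}


def check_mod_url(url: str) -> tuple[bool, str]:
    """Return (ok, reason) for a candidate mod download link."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    # https://github.com@other.example/ puts the trusted name in userinfo.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before host"
    host = (parts.hostname or "").rstrip(".")
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False, "non-ASCII or punycode host"
    # Exact match: github.com.mods.example only starts with the trusted name.
    if host != "github.com":
        return False, f"host is {host!r}, not github.com"
    if port not in (None, 443):
        return False, "unexpected port"
    seg = [s for s in parts.path.split("/") if s]
    if any(s in (".", "..") for s in seg):
        return False, "dot segment in path"
    # Expected shape: /<owner>/<repo>/releases/download/<tag>/<file>.jar
    if len(seg) != 6 or seg[2:4] != ["releases", "download"]:
        return False, "not a release asset path"
    if (seg[0].lower(), seg[1].lower()) not in PINNED_REPOS:
        return False, "repository is not pinned"
    if not seg[5].lower().endswith(".jar"):
        return False, "asset is not a .jar"
    return True, "ok"
```

The check covers only where a link points. It says nothing about the contents of the downloaded file, and it must be run on the URL actually fetched, not on the link text a page displays.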

Unlike most infostealers, WeedHack runs in plain sight – offering its tools via a malware-for-hire model. 

Its visible control panel allows access to compromised systems. Data taken from victims appears there, clear and sorted. From that interface, new harmful setup files can be built, targeting Minecraft versions 1.21.0 through 1.21.10.

Stolen details include Minecraft session tokens, saved browser passwords, and active cookies. The malware also reaches Discord, Steam, and Telegram logins without the user’s consent.

Cryptocurrency wallets are targeted too, with data pulled silently, and screenshots captured behind the user’s back round out the basic features. A paid tier, priced at five dollars monthly or twenty-five once, unlocks enhanced tools: remote desktop viewing, webcam operation, continuous keystroke recording, control over a victim’s command line, and remote file management.

Over eight hundred members are part of WeedHack’s Telegram community, studies indicate. Though some seem underage, a number use its online interface to target others or access personal data.

Most security specialists suggest grabbing mods solely from verified platforms, checking URLs thoroughly – while skipping any JARs sitting on shady domains. When it comes to add-ons with fewer dangers, Minecraft’s built-in marketplace tends to be the safest pa

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
