with Minecraft to be one of the most popular games in the world and one of the most modified games around the world — it’s not uncommon for hackers to try to use mods Xbox and Mojang StudiosA sandbox survival game as an attack vector. Currently, though, there is one especially A dangerous piece of malware that anyone who mods Minecraft (or knows someone who does) should be aware of.
I am referring to the malware “WeedHack”. Discovered by McAfee researchers The malware was distributed to attackers through a Software-as-a-Service (MaaS) campaign. It’s been active since January, and unlike most hacking tools that often cost hundreds of dollars, WeedHack is pretty cheap — making it uniquely dangerous.
There is a free tier that anyone can sign up for, with Premium plans starting at $5 per month giving malicious actors access to a more advanced version of the software with more serious capabilities.
Attackers hide WeedHack inside Minecraft mod files, effectively using them as a Trojan horse. Links to download these files are then shared on plausible fake mod hosting sites, in the description of fake mod review YouTube videos, or in comment sections.
Once they’re downloaded, WeedHack quietly uses the Ethereum blockchain to connect to a hidden network, then disables Windows Defender protections and enters your system before stealing everything from Minecraft session IDs and system information about your PC to passwords from Steam. Controversyand your browser and crypto wallet credentials.
The scary part is that the Premium level of WeedHack gives the hacker live access to your computer’s webcam, the power to force screen sharing with mouse and keyboard control, command-line control of your computer, and the ability to download or upload files to your system.
McAfee says that when he researched WeedHack by spying on a now-defunct Telegram server, he discovered that most of its users were teenagers and young adults — no doubt able to use the program because of its extremely low barrier to entry. Reported as malware can can be used for financial theft, it is mainly used as a tool for cyberbullying and harassment.
Researchers say they have witnessed attackers sharing videos taken from victims’ webcams as trophies, and claim to have used stolen IP addresses and passwords to threaten to infect WeedHack.
At the time of writing, more than 116,000 users have been affected in some way by the WeedHack attacks, and the malware campaign is reportedly “getting an average of 2,000-3,000 new hits per day.”
So what can you do? Do you protect yourself? First of all, you should never download a Minecraft mod or a mod for it any game, therefore — from a source not trusted by the community. For Minecraft, that means sticking CurseForge or Modrinth; for other games you need to download only from this address Nexus Mods or ModDB. I cannot stress this enough.
You may also want to consider security software such as McAfee’s, as it can block WeedHack’s intrusion attempts when Windows Defender fails. McAfee says its Web Protection will prevent you from visiting sites where files can be downloaded in the first place, and its antivirus will prevent malware from running if you get it.
It’s tragic that such a piece of malware is currently circulating on the internet, and a reminder of how important it is to be very careful about where you download files from. Be smart guys.
Join us Reddit at r/WindowsCentral to share your thoughts and discuss our latest news, reviews and more.
