SendTech Times
CybersecurityNews|June 4, 2026 at 10:12 AM
MARKET SIGNAL:

WeedHack Malware Turns Minecraft Mods Into a 116,000-System Infostealer Campaign

Article summary

WeedHack has infected more than 116,000 systems by targeting Minecraft players through malicious mods, clients, cheats and utilities. McAfee telemetry shows 116,464 affected systems, 2,000 to 3,000 infections a day, more than 240 distribution URLs and 3,820 malicious JAR files. The next signal is whether Minecraft mod communities can move users back toward official download sources before infostealer distribution expands further.

Market signal

The impact is on cybersecurity spending, platform consolidation and investor expectations. The next signal is whether AI-related security demand converts into NGS ARR progress quickly enough to support the current valuation.

WeedHack Malware Turns Minecraft Mods Into a 116,000-System Infostealer Campaign
Image source: BleepingComputer

Minecraft Mods Become an Infostealer Distribution Channel

A malware campaign called WeedHack has infected more than 116,000 systems since January by targeting Minecraft players through malicious mods, clients, cheats and utilities.

The campaign uses YouTube promotion and search-engine poisoning to push downloads that look like game tools.

McAfee telemetry shows 116,464 affected systems, with 2,000 to 3,000 infections a day.

The largest victim concentrations identified in the report are in the United States, Germany, India and the UK.

The campaign's scale is visible in more than 240 distribution URLs and 3,820 unique malicious JAR files.

For consumer-security teams, the practical risk is that a gaming mod can become a credential-theft path before users recognize it as a security problem.

Free Malware Tools Lower The Abuse Barrier

WeedHack operates as a malware-as-a-service infostealer with a dashboard that lets users view stolen credentials and data from compromised systems.

McAfee described the use of ordinary public web hosting, rather than hidden dark-web distribution, and the free access model as unusual for an infostealer operation.

The free tier targets Minecraft session IDs, cookies and saved passwords across 36 browsers, 56 cryptocurrency add-ons and 12 desktop cryptocurrency wallet apps.

It also targets Discord, Steam and Telegram credentials and can capture screenshots.

A premium tier costs $5 per month and also offers a lifetime purchase option.

That version adds remote control with mouse and keyboard input, webcam access, a keylogger, remote shell access and remote file management.

The paid feature set changes the consumer-risk profile because a campaign that begins with a fake game utility can extend into direct control over the compromised device.

Social Proof Is Part Of The Attack Surface

McAfee researchers said the campaign reaches victims mainly through YouTube videos and poisoned search results.

Some videos include voice-over narration to appear more authentic and have drawn more than 7,500 views.

The attack also copies legitimacy signals from real projects.

In one example, a malicious site warned users to download Skytils only from the official site while linking to the legitimate GitHub repository and Discord server, creating a false sense of safety around the fake page.

For players, the safer control is source discipline: avoid mod links promoted through videos or search results, and verify downloads through the project's official site or repository rather than a lookalike landing page.

The next signal is whether Minecraft players and mod communities shift downloads back toward official project sources before WeedHack-style distribution keeps scaling through video promotion and search traffic.

Share this article
inXf

Related articles

More
CISA WebLogic Warning Turns Oracle Patch Lag Into an Exposure Test
Cybersecurity

CISA WebLogic Warning Turns Oracle Patch Lag Into an Exposure Test

CISA ordered U.S. federal agencies to patch Oracle WebLogic Server systems affected by CVE-2024-21182 after active exploitation was observed. Shodan tracks more than 1,592 exposed WebLogic servers vulnerable to the flaw, including 961 on version 12.2.1.4.0 and 631 on version 14.1.1.0.0. The immediate test is whether public- and private-sector defenders apply Oracle fixes or remove exposed systems where mitigations are unavailable.

AI-Built Ransomware Toolkit Turns EDR Evasion Into a Faster Cybercrime Workflow
Cybersecurity

AI-Built Ransomware Toolkit Turns EDR Evasion Into a Faster Cybercrime Workflow

A ransomware-focused threat actor adopted an AI-built toolkit for Active Directory discovery and endpoint detection and response evasion. Sophos found Cursor and Claude Opus agents assisted development, with close to 80 modules tested against more than 70 techniques. The practical test is whether defenders can shorten validation cycles as AI accelerates the move from offensive research to working malware components.

Palo Alto Sell-Off Shows AI Cybersecurity Demand Still Has a Timing Problem
Cybersecurity

Palo Alto Sell-Off Shows AI Cybersecurity Demand Still Has a Timing Problem

Palo Alto Networks shares fell more than 4% after stronger quarterly results and current-quarter guidance failed to satisfy investors looking for faster AI-linked earnings upside. CEO Nikesh Arora reiterated a fiscal 2030 target of more than 4,000 platformizations and a USD 20 billion NGS ARR goal. The practical test is whether AI-related security demand turns into NGS ARR progress as data center infrastructure is ordered, installed and brought online.

AI Coding Push Turns Developers Into a Prime Cybersecurity Target
Cybersecurity

AI Coding Push Turns Developers Into a Prime Cybersecurity Target

A Japanese @IT analysis says attackers are increasingly targeting developers because AI coding tools, OSS, CI/CD pipelines and cloud services concentrate valuable credentials around them. The report highlights vulnerable AI-generated code, fake recruiting approaches, polluted open-source packages and GitHub Actions-style automation attacks. The practical warning is that companies need stronger identity, dependency and workflow controls rather than relying only on individual developer caution.

Keep Reading

More Stories

Latest
Oman's Energy Security Pitch Puts Ports, Private Capital and AI Demand in FocusEconomyJun 4, 2026Oman's Energy Security Pitch Puts Ports, Private Capital and AI Demand in FocusOman was presented as a stronger energy and infrastructure hub as global markets put more weight on supply security and diversified trade routes. The Global Energy Debate at the 2nd Oman Capital Market Conference included Shell Oman, Oman LNG, OQ, BlackRock and Vision Invest. The next signal is whether private capital and infrastructure planning turn Oman's location, ports and energy assets into financed projects.EU Tech Sovereignty Push Puts Cloud Providers And AI Chips Under Policy ScrutinyCloud & Data CentersJun 4, 2026EU Tech Sovereignty Push Puts Cloud Providers And AI Chips Under Policy ScrutinyThe European Commission proposed a tech-sovereignty package covering chips, AI and cloud services. The package includes the Cloud and AI Development Act and Chips Act 2.0, and still needs approval from all 27 EU member states. The next signal is whether member states convert the proposals into cloud procurement rules and semiconductor investment priorities.Core42's 42MW Lake Mariner Expansion Turns US Power Capacity Into a Gulf AI Cloud SignalCloud & Data CentersJun 4, 2026Core42's 42MW Lake Mariner Expansion Turns US Power Capacity Into a Gulf AI Cloud SignalCore42 expanded its AI cluster at TeraWulf's Lake Mariner site in Buffalo, raising compute capacity there by 42MW to 60MW. The UAE-headquartered G42 company's AI cloud platform has ten global sites operational, with additional deployments planned for 2026. The practical test is whether Core42 exercises further Lake Mariner capacity and turns the expanded US footprint into durable hyperscale and enterprise workloads.Coralogix's $200 Million Round Puts AI-Agent Monitoring on the Enterprise WatchlistAIJun 4, 2026Coralogix's $200 Million Round Puts AI-Agent Monitoring on the Enterprise WatchlistCoralogix raised $200 million in Series F financing to expand software-monitoring tools for AI-agent operations. The round valued the company at $1.6 billion post-money and brought total capital raised to $550 million. The practical test is whether enterprise use of AI agents turns observability spending into durable growth for Coralogix.O-Green's 58 MW Duqm Wind Pilot Ties Oman Renewables to Industrial Power DemandEconomyJun 4, 2026O-Green's 58 MW Duqm Wind Pilot Ties Oman Renewables to Industrial Power DemandO-Green is developing a 58 MW pilot wind farm in the Duqm Special Economic Zone to support clean-power use in Oman's industrial buildout. The Duqm North and South Wind Project will use six 9.6 MW turbines and is expected to generate around 190 gigawatt-hours of electricity annually. The practical test is whether O-Green can turn its Duqm pilot and wider renewable portfolio into reliable power for manufacturing and industrial demand.Korea’s Weak Won Is Exposing a Policy Credibility ProblemEconomyJun 4, 2026Korea’s Weak Won Is Exposing a Policy Credibility ProblemSouth Korea’s won is trading near crisis-era lows even as AI-driven semiconductor demand has produced a record external surplus and a historic rally in chip stocks. The pressure reflects a capital-flow puzzle: exporters are earning dollars, foreign investors are selling Korean equities, and chipmakers may be keeping more revenue offshore. The political risk is that Seoul treats the currency slide as a temporary market anomaly rather than a warning about policy credibility, asset inflation and dependence on a semiconductor cycle.Marvell Teralynx T100 Puts AI Data-Center Switching Into the Chip RaceChips & SemiconductorsJun 4, 2026Marvell Teralynx T100 Puts AI Data-Center Switching Into the Chip RaceMarvell announced planned availability of its Teralynx T100 switch chip for AI training and inference infrastructure. The 102.4 Tbps chip is built on a 3nm process, supports up to a 512-port radix and is claimed to use 25 percent lower power than competitive solutions. The practical test is whether data-center customers use lower-power, high-radix switching to ease latency and power constraints in larger AI clusters.A Ballot Shortage Is Not a Normal ElectionPoliticsJun 3, 2026A Ballot Shortage Is Not a Normal ElectionBallot shortages disrupted voting at several polling stations in Seoul and other areas during the June 3 election, leaving some voters waiting for hours and raising concerns that others may have left without voting. The National Election Commission blamed higher-than-expected turnout, but ballot supply should be based on the assumption that every eligible voter may cast a vote. The practical test is whether the government and election authorities publicly explain the failure, identify responsibility and prevent any repeat of the same breakdown.AI Infrastructure Borrowing Pushes Big Tech Deeper Into Global Bond MarketsCloud & Data CentersJun 3, 2026AI Infrastructure Borrowing Pushes Big Tech Deeper Into Global Bond MarketsAlphabet and Amazon are using non-U.S. corporate bond markets to broaden funding for AI infrastructure and data center investment. Amazon raised 14.5 billion euros in March, while Morgan Stanley expects about 50 billion euros of hyperscaler euro debt this year. The practical test is whether international bond markets can absorb more AI-linked technology issuance without taking on greater sector volatility.Intel Xeon 6+ Launch Puts CPU Supply on the AI Infrastructure WatchlistChips & SemiconductorsJun 3, 2026Intel Xeon 6+ Launch Puts CPU Supply on the AI Infrastructure WatchlistIntel launched Xeon 6+ "Clearwater Forest" at Computex 2026 for scale-out data center workloads. The processor tops out at 288 Darkmont E-cores per socket, 576MB of L3 cache and compute tiles built on Intel 18A. The practical test is whether constrained CPU allocation becomes a larger bottleneck for agentic AI data center deployments.UAE Banks Lead Regional Responsible AI Push as Adoption Gap NarrowsAIJun 3, 2026UAE Banks Lead Regional Responsible AI Push as Adoption Gap NarrowsEmirates NBD ranked first and First Abu Dhabi Bank ranked third in a responsible AI index for Middle East and Africa banks. The Evident AI Index surveyed more than 100 companies and weighted talent highest at 45 per cent across four assessment metrics. The practical test is whether UAE banks can turn responsible AI rankings into measurable deployment across customer engagement, risk analytics and core banking workflows.Abu Dhabi Rent Freeze Turns Housing Costs Into a Property-Market WatchpointReal EstateJun 3, 2026Abu Dhabi Rent Freeze Turns Housing Costs Into a Property-Market WatchpointAbu Dhabi Real Estate Centre froze rent increases for residential, commercial and industrial properties until further notice. The measure sets renewals at a zero per cent increase and excludes Abu Dhabi Global Market (ADGM) communities such as Al Maryah Island and Reem Island. The next signal is whether the temporary freeze eases tenant pressure without weakening landlord incentives in a tight rental market.