Dangerous Minecraft mod malware is stealing passwords, webcam access, and more

A dangerous malware campaign called WeedHack is spreading through fake Minecraft mod downloads, and it has already affected more than 116,000 players since January. Security researchers say the malware is gaining 2,000 to 3,000 new hits every day, making it a serious threat for anyone who downloads Minecraft mods from unknown websites, YouTube descriptions, or comment sections.

The risk is high because Minecraft is one of the most modded games in the world. Many players regularly download custom content, texture packs, tools, launchers, and gameplay mods. Attackers are taking advantage of that habit by hiding WeedHack inside files that appear to be normal Minecraft mods.

Once someone downloads and runs an infected file, the malware quietly connects to a hidden network using the Ethereum blockchain. It then disables Windows Defender protections, embeds itself into the system, and begins stealing sensitive information.

The stolen data can include Minecraft session IDs, computer information, browser passwords, Steam credentials, Discord passwords, and crypto wallet details. That alone makes WeedHack dangerous, but the paid version is even worse.

The malware is being sold through a Malware as a Service model. That means attackers do not need to build their own hacking tool. They can simply sign up and use WeedHack. There is even a free tier, while paid plans reportedly start at $5 per month. That low price makes the malware especially dangerous because it lowers the barrier for inexperienced attackers.

Security researchers also found that many of the people using WeedHack appear to be teenagers and young adults. According to the report, the malware is not only being used for financial theft. It is also being used for cyberbullying and harassment. Attackers have reportedly shared webcam recordings of victims as trophies and used stolen IP addresses and passwords to threaten people.

That makes this more than a normal account stealing campaign. WeedHack can turn a fake Minecraft mod into a tool for privacy invasion, blackmail, and remote abuse.

The safest advice is simple: do not download Minecraft mods from random websites, YouTube video descriptions, Discord links, or comment sections. Stick to trusted community sources such as CurseForge and Modrinth. For other games, safer options include well known platforms such as Nexus Mods and ModDB.

Players should also be careful with any mod that asks them to disable antivirus protection, run an unknown installer, or download files from a strange hosting site. Those are major warning signs. A legitimate Minecraft mod should not need unusual permissions or hidden setup steps.

If you think you may have downloaded a suspicious mod, disconnect from the internet, run a full antivirus scan, change your passwords from a different clean device, enable two factor authentication, and check your Steam, Discord, Microsoft, and Minecraft accounts for unusual activity. Crypto wallet users should be especially cautious because stolen wallet credentials can lead to permanent loss.

Parents should also pay attention. Minecraft has a large younger audience, and many younger players may not understand how risky unofficial downloads can be. A fake mod review video or a realistic looking download page can easily trick someone who only wants a new feature for the game.

WeedHack is a reminder that modding is fun, but it needs caution. Minecraft mods can add years of life to the game, but only when they come from trusted sources. Right now, downloading from the wrong place can cost much more than a game account. It can expose private messages, passwords, files, webcam footage, and control of the whole PC.