"2,000 to 3,000 new hits every single day": Dangerous malware "WeedHack" hides in Minecraft mods, gives attackers webcam access, Steam and Discord passwords, and more

A very new and dangerous piece of malware that hides within Minecraft mod downloads is running rampant on the web right now. (Image credit: Mojang Studios)

With Minecraft being one of the most popular games in the world — and being one of the most modded games in the world — it's not uncommon for hackers to try and use mods for Xbox and Mojang Studios' sandbox survival game as an attack vector. At the moment, though, there's an especially dangerous piece of malware going around that anyone who mods Minecraft (or knows someone that does) needs to know about.

I'm referring to "WeedHack," a piece of malicious software discovered by McAfee researchers that's been distributed to attackers through a Malware-as-a-Service (MaaS) campaign. It's been active since January, and unlike most hacking tools that often cost hundreds of dollars, WeedHack is extremely cheap — making it uniquely dangerous.

There's a free tier available that anyone can sign up for, with Premium plans that start at $5/month giving bad-faith actors access to a more advanced version of the software that has more severe capabilities.


Attackers use WeedHack by hiding it within Minecraft mod files, effectively using them as a Trojan horse of sorts. Links to download these files are then shared on convincing fake mod hosting sites, in the description of phony mod review YouTube videos, or in comment sections.

Once the files are downloaded, WeedHack quietly uses the Ethereum blockchain to connect to a secret network, then disables Windows Defender safeguards and embeds itself in your system. From there, it steals everything from Minecraft session IDs and system information about your computer to passwords from Steam, Discord, and your browser, as well as crypto wallet credentials.

Frighteningly, the Premium tier of WeedHack is also capable of giving a hacker live access to your computer's webcam, the power to force screen-sharing with mouse and keyboard control, command-line control over your PC, and the ability to upload or download files to your system.

A screenshot from McAfee's researchers of what the portal to purchase WeedHack's Premium version looks like. It's especially dangerous, as it gives attackers webcam access, the power to remotely control your PC, and more. (Image credit: McAfee)

McAfee says that while researching WeedHack by spying on its now-deleted Telegram server, it discovered that many of its users are teenagers and young adults — no doubt able to make use of the software because of its extremely low barrier to entry. Reportedly, while the malware could be used for financial theft, it's largely been wielded as a tool for cyberbullying and harassment.

Researchers say they witnessed attackers sharing videos recorded from the webcams of victims as trophies, and claiming that they used stolen IP addresses and passwords to threaten those they'd infected with WeedHack.

At the time of writing, over 116,000 users have been affected by WeedHack attacks in some way, and the malware campaign is reportedly "averaging 2,000 to 3,000 new hits every single day."

So, what can you do to protect yourself? Above all else, you should never download a Minecraft mod — or a mod for any game, for that matter — from a source that's not trusted by the community. For Minecraft, that means sticking to CurseForge or Modrinth; for other games, you should only download from Nexus Mods or ModDB. I can't stress this enough.

You may want to consider security software like McAfee's as well, as it may succeed in thwarting WeedHack's intrusion attempts where Windows Defender fails. McAfee says its Web Protection will prevent you from visiting sites where these files can be downloaded in the first place, and that its antivirus will successfully prevent the malware from working if you do get it.

It's tragic that such a damaging piece of malware is running rampant on the web right now, and a sobering reminder of how important it is to be very careful about where you're downloading files from. Be smart, friends.




Brendan Lowry
Contributor, Gaming

Brendan Lowry is a Windows Central writer and Oakland University graduate with a burning passion for video games, of which he's been an avid fan since childhood. He's been writing for Team WC since the summer of 2017, and you'll find him doing news, editorials, reviews, and general coverage on everything gaming, Xbox, and Windows PC. His favorite game of all time is probably NieR: Automata, though Elden Ring, Fallout: New Vegas, and Team Fortress 2 are in the running, too. When he's not writing or gaming, there's a good chance he's either watching an interesting new movie or TV show or actually going outside for once.
