Overview
- McAfee researchers reported Tuesday that the WeedHack operation has infected about 116,464 systems since January and is adding roughly 2,000–3,000 new infections per day.
- The campaign spreads through malicious Minecraft mods, clients and cheat tools promoted on YouTube and via search‑engine poisoning that steer users to hosted JAR downloads.
- WeedHack runs as malware‑as‑a‑service with a public dashboard that shows stolen data and builds payloads, and it offers a free infostealer plus a low‑cost premium tier that adds webcam, keylogger and remote shell features.
- The attack is a staged Java JAR chain that starts with DonutDupe.jar, uses an EtherHiding technique to resolve command‑and‑control, and drops further JARs that set persistence and configure Defender exclusions.
- Researchers warn that the tool disproportionately affects younger players and has been used to harass victims. They link the campaign to a wider trend of malware distributed via cracked software and pirated sites, such as the CountLoader and cryptominer operations.