Malware Campaign Infects Over 116,000 Minecraft Systems Globally

LONDON (AP) — A sophisticated malware campaign dubbed WeedHack has infected more than 116,000 computer systems worldwide since January, targeting players of the popular video game Minecraft through malicious modifications and utilities. The operation, identified as a Malware-as-a-Service platform, has primarily affected users in the United States, Germany, India, and the United Kingdom.

The campaign distributes malicious code by disguising it as legitimate game mods, clients, and utility tools. Operators have utilized YouTube videos and search engine optimization poisoning to direct users to compromised download sites. Once installed, the malware grants attackers remote access to infected systems, allowing for data theft, cryptocurrency mining, and further network infiltration.

Security researchers identified the campaign on June 2, 2026, noting a significant surge in infections over the past five months. The scale of the operation suggests a coordinated effort by a criminal group leveraging the popularity of Minecraft to reach a vulnerable audience. The game's extensive modding community has historically been a target for similar campaigns, but the volume of infections in this instance marks a notable escalation.

The malware functions as a remote access trojan, enabling operators to control infected devices without user knowledge. Victims often report performance degradation or unexpected system behavior, though many infections remain undetected. The campaign's infrastructure is designed to evade detection by standard security software, utilizing obfuscation techniques and dynamic command-and-control servers.

Geographic analysis indicates a heavy concentration of infections in English-speaking regions and major European markets. The United States accounted for the largest share of compromised systems, followed by Germany and the United Kingdom. India also reported a significant number of infections, highlighting the global reach of the operation.

The motivations behind the campaign remain unclear. While the malware's capabilities suggest potential for financial gain through data theft or resource exploitation, no specific demands or ransom notes have been linked to the infections. The operators have not claimed responsibility, and the identity of the group behind WeedHack is unknown.

Minecraft developer Mojang has not issued a public statement regarding the campaign. Game administrators are urging players to download mods and utilities only from verified sources and to exercise caution when clicking links in video descriptions or search results.

The full extent of the damage caused by the campaign is still being assessed. Security firms are working to identify all affected systems and provide remediation tools. The incident underscores the ongoing risks associated with downloading unverified software, even within the gaming community.

Questions remain regarding the operators' ultimate objectives and whether the campaign will expand to other gaming platforms. As investigations continue, cybersecurity experts warn that similar tactics could be employed in future attacks targeting other popular online communities.