Minecraft is one of the most popular games on the planet. So, of course, that makes Minecraft players a prime target for hackers.
In a new cybersecurity report, researchers from McAfee Labs describe new malware that has already logged more than 116,000 hits. When the report was published on June 2, McAfee Labs found that the campaign logs between 2,000 and 3,000 malicious hits every day.
Dubbed WeedHack, the malware is being offered as a malware-as-a-service (MaaS). Rather than being shared on the dark web, McAfee reports that WeedHack is readily available on the open web. This means that bad actors don’t need any real technical knowledge to deploy the malware. For as low as $5 per month, would-be hackers can access WeedHack, infect a target of their choice, and deploy a range of tools against that victim.
McAfee Labs also uncovered a Telegram channel for WeedHack customers made up of more than 850 members. Inside the Telegram channel, McAfee found that many of the attackers appeared to be teenagers and young adults who used the malware-as-a-service to cyberbully other young people. WeedHack customers discussed utilizing the remote access capabilities to threaten, harass, and spy on their victims.
WeedHack is spreading through YouTube and Google, report says
The report finds that WeedHack is primarily spread through YouTube videos promoting Minecraft mods, clients, and other game-enhancing third-party add-ons. In reality, the Minecraft mods and clients are really the WeedHack malware in disguise.
McAfee’s report includes a screenshot of a YouTube comments section of a video promoting the malware. It shows a viewer informing the video creator that his computer warned about potential malware when downloading the file in the video description. The bad actor then assures the user that the file is definitely not malware.
In addition, the bad actors reportedly use SEO poisoning tactics to rank fake websites and pages that pose as real Minecraft clients. McAfee Labs listed the following legitimate clients as targets for WeedHack:
Mashable Light Speed
-
Meteor Client
-
Radium Client
-
Wurst Client
-
Aristois
-
LiquidBounce
-
Impact Client
-
Future Client
-
Inertia Client
-
Cornos Client
-
WWE Client
-
3arthh4ck
-
Salhack
-
Phobos
-
Gamesense
Some of these Minecraft mods and clients don’t have official websites and are just hosted on file-sharing websites, which makes it easier for hackers to manipulate search results with fake websites, the report says.
According to McAfee, players can protect themselves when downloading Minecraft mods and clients by watching out for red flags and using antivirus protection tools. If you are a young person contacted by bad actors who say they have hacked your system — especially if they are trying to blackmail you — talk to a trusted adult. You can also visit the Internet Crime Complaint Center for more information.
What happens when a target is infected with WeedHack malware?
That depends on how much the attacker paid for the malware, which has different subscription tiers.
WeedHack even provides a free tier, which promises to give attackers an infostealer that can target Minecraft session IDs, collect system information, search for files, take screenshots of the target’s system, and steal cookies and passwords from 36 different web browsers. The free tier also claims the attacker can target 56 browser-based crypto wallets, 12 desktop crypto wallets, as well as credentials for platforms such as Discord, Steam, and Telegram.
An attacker can also subscribe to the $5 per month premium tier to get additional remote-access capabilities, including “webcam access, keylogging, reverse shell execution, screen sharing with keyboard and mouse access, and file management features for uploading and downloading files,” according to McAfee.
The hacker can view all the stolen information via an enterprise-level dashboard.Â
As McAfee reports, many malware-as-a-service tools cost as much as hundreds of dollars per month, putting them out of reach for many malicious actors. However, WeedHack’s pricing makes it readily accessible to anyone looking to deploy these dangerous tools.
McAfee’s report on WeedHack serves as a warning, showing that not only is malware becoming more powerful, but it’s also becoming more accessible, too.
