Наталя Хандусенко Hot News 5 June 2026, 15:35

Malware in Minecraft mods gave hackers access to 116,000 players' webcams for just $5

Someone built a hacking business on Minecraft with a free plan, leaderboards, and a suggestion box.

The campaign, dubbed WeedHack, was discovered by researchers from McAfee, who published their findings on June 2. At the time of the report's publication, 116,464 infections had been recorded, Dexerto reports .

The scheme had been operating since January 2026, attracting 2,000 to 3,000 new victims each day. Most similar malware creation tools cost between $250 and $500 per month and require access to the darknet, while WeedHack only required a Discord account to use.

The malware was distributed via fake YouTube tutorials and download sites with “poisoned” SEO optimization, designed to outrank official mod pages in search results. Users of clients such as Meteor, LiquidBounce, and Wurst were among the victims of the attack.

Once downloaded, the malware worked invisibly in four stages: connecting to a command-and-control server hidden inside the Ethereum blockchain (to avoid being blocked), disabling Windows Defender, anchoring itself to the system to remain there after reboots, and — for paid customers — giving the attacker direct access to the victim’s screen, webcam, and files. The premium plan started at just $5 per month.

Even the free version itself had serious functionality. It stole saved passwords and cookies from 36 browsers, Discord and Steam credentials, cryptocurrency wallet data, and Minecraft session IDs, which allowed attackers to take over accounts without a password at all.

What McAfee researchers certainly didn’t expect to find was how customers were using the tool. Monitoring the campaign’s Telegram channel, which had more than 850 members, they found that the teens appeared to be using the remote access tools not to steal money but to harass their peers—they recorded victims via their webcams and posted the videos to the channel. The Telegram channel has since been blocked, but the hacking campaign itself hasn’t; its operators are actively launching new domains as old ones are blacklisted.

The service accepted Bitcoin and Litecoin, created a new wallet address for each transaction to avoid tracking, and had a wishlist where users voted for the addition of a “screamer” feature and ransomware support as the most anticipated updates.

Meta's AI support bot allowed hackers to effortlessly take over Instagram accounts: even two-factor protection didn't help

Hackers from Russia attacked the Ukrainian sex shop LOVESPACE. Customers' phone numbers were leaked

European cyber experts have discovered a new Russian hacker group called GREYVIBE, which is attacking Ukraine using AI