Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content

Cybersecurity researchers have flagged a new campaign targeting Minecraft players via YouTube to spread malware capable of gaining control of victims' systems. The Minecraft-focused malware-as-a-service (MaaS) campaign has been codenamed Weedhack by McAfee Labs, stating the activity has been active since January 2026 and impersonates Minecraft clients and mods to infect users. In all, 3820

According to the report, the Weedhack campaign uses YouTube as a distribution vector to target Minecraft players with a malware-as-a-service (MaaS) offering that masquerades as Minecraft clients and mods, enabling full system compromise. The article also notes that other malware such as CountLoader and cryptominers are being spread at scale via pirated content channels. From a CyberSE.AI perspective, while this campaign is not explicitly AI-driven, it illustrates how consumer platforms and gaming ecosystems can be abused as high-volume delivery channels that could similarly be used to distribute AI-powered malware, data-theft tools, or poisoned models. Organizations operating gaming, creator, or content platforms should apply continuous AI red teaming to any recommendation, moderation, or automation systems involved in content vetting to detect and mitigate future AI-augmented malware campaigns that exploit similar distribution patterns.