Webcam-hacking Minecraft malware is disguising itself as mods, and it's infected thousands of PCs
The malware, built to look like Minecraft launchers and mods, gives hackers access to your screen, files, webcam, accounts, and passwords.
by Matt Porter · PCGamesNCybersecurity expert McAfee has discovered a dangerous new piece of malware that is spreading across the internet, disguised as Minecraft launchers and mods. Hackers are using YouTube to spread the software, logging over 116,000 infections since the start of 2026, and use it to steal passwords, hijack accounts, record every key typed, and take over victims' screens and webcams.
According to McAfee, between 2,000 and 3,000 people are being infected by WeedHack every day. Still, the scariest part is that it offers a free version to anyone with a Discord account. The free version is already incredibly powerful, allowing hackers to gather Minecraft session IDs, which can be used to take over accounts, steal saved passwords, take credentials from Steam and Discord, and access browser-based crypto wallets.
There's also a more powerful premium version, which can access your screen live, secretly watch you through your webcam, record every key typed on the hijacked PC, download and delete files, and even take remote shell access of the computer.
The report states that the software is masquerading as Minecraft mods and launchers, targeting young people eager to download extras for the sandbox game. Hackers are apparently being encouraged to post well-edited, high-quality videos on YouTube that avoid using AI to draw people in. These videos target specific keywords on the platform relating to the game and mods, and then include links that are supposed to allow fans of the game to download the mods, only to infect them with malware. Weedhack also recommends hackers to use Reddit and Discord to advertise their software.
Hackers are specifically targeting mods which don't have official websites and are generally hosted on other sites, including the likes of Meteor Client or Radium Client. With nowhere officially linked to these developers to go, it's easier to trick people into downloading the malware.
Hackers are using stolen information to contact those who they have hacked, demanding money to return the data and to give up the remote access they have to the infected PC. McAfee recommends not engaging or negotiating with the attacker and instead contact local law enforcement.
Unfortunately, the malware isn't just being used to steal information. McAfee's researchers discovered that many of the attackers are teenagers and young adults using the tool to "harass and bully their peers." The company says it witnessed hackers recording victims through their webcams without consent, and then shared them on a since-deleted Telegram channel.
To avoid malware, McAfee recommends only downloading mods and clients from websites like CurseForge or Modrinth, ensuring that your antivirus is updated and enabled, and avoiding downloads from comment sections. If you believe your PC has been infected, McAfee recommends disconnecting it from the internet, clearing your browser's cache and history, and using malware removal tools to rid your device of the software.
We've reached out to Mojang for comment on the situation and will update this article should we receive a response.