New Weedhack Malware-as-a-Service Targets Minecraft Players to Steal Credentials, and Hijack Accounts

Weedhack is a commercially structured Malware-as-a-Service operation targeting Minecraft users via trojanized JAR mods/clients distributed through YouTube, SEO manipulation, and fake sites; it harvests browser credentials, Discord/Steam/Telegram logins, and cryptocurrency wallets, and offers remote access/surveillance capabilities. The malware leverages Ethereum smart contracts for decentralized C2, uses JNIC obfuscation to hinder analysis, and researchers identified thousands of malicious JARs, hundreds of distribution URLs and multiple SHA-256 IoCs.