Hackers Spread WeedHack Malware via YouTube and SEO Poisoning

    Date: 06/03/2026

    Severity: High

    Summary

    Hackers are increasingly abusing trusted platforms like YouTube and search engines to distribute malware. A newly uncovered campaign called "WeedHack" specifically targets Minecraft's massive player base. Minecraft's open ecosystem of mods and custom clients makes it a prime target for cybercriminals. Since January 2026, WeedHack has used a user-friendly Malware-as-a-Service model for large-scale distribution. Researchers found over 3,820 malicious JAR files disguised as popular mods, cheats, and clients. The campaign relies on high-traffic YouTube videos and SEO poisoning to lure users into downloading the malware. 

    Indicators of Compromise (IOC) List

    Hash : 


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1 :

    sha256hash IN ("D3f2464ae0e48218e1d48bdfab8301ee5236f7624adcdba1720dc27058461076","D81b98a69363d8d994ef553beEb5e15384ed32f0e343708b73c7e6b313b9aace","F2100e1f73477bc565f8909e069942dac1f884654ed4ba213ca9a84b1e761ab8","B982fbafa954a8dcf7cfcffe31bcF75a86b052b1f01cf535ffcafd2c48a56b60","F790346bece8e448313f701586Cc7fd18291dfda721aae8d86ebfacf14055645","29546a03e07bfeb3025313b12671c758ced1c4921a4bc859a7ab40ec52584cdb","5f7680feccc15814299df3c3c11e9b1c4f33069aac5a19c03b87e15f30c2312b","256b5b5d0524c442261028767B94f7188b0b81663b50c63300fca7733a04ea7d","E123d1f7cbea562237f7a5f50638d148fb58048c9ad095e0b0ad52e43bfedad0","D468983f98ff100ad8fd613315Af4c88d67bec76782b66b260c413c587987bf0","Ef31bb219b84744e02f90947f31a25958b2b34524ed3795799ed6eff876e4bcd","5d537a058ec19e6ceea593738F122b777d866042ea0bad194539757de13c46f4","697ee941abee202d8e84e5e3fEd8b9f34eea8772ee56dc867fce017507a5eeaf","F9a6911e8d9130c779db2e79f901d75d90f9e3ad08c36e7fb927959b7d988bae","86f8c0a92eb9aba3c3416667361652a9e11b6ddc1119bb5b3564bc107b950ddb","790ff5cda1668e7aa390fbb1682a4d578195aa40542f64b7b6d56a6eccde12c9","Db533717da686f3b76b9de85eCd80d326a14572056a33d31f794bffbffd96c26","8b53f53f72b8fef755666b6f239C06a69a9940e1b9f5d19e022150750035fa80","6b2218999ac27f6085cb02f693A3c99bd6abedfc20e00e22709e526015c89f4e","9682adf40a3621ffe5e1b426c5B90d0ed70e663738857bb4d18d37d93bbd4e6c")
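
    The same hash match can be run locally over a directory of downloaded mods. The sketch below is an added example, not code from the original advisory or from Gurucul: it hashes every JAR/ZIP-format file under a folder and compares against an IOC set after lowercasing, since the hashes on this page appear with stray capital letters while tool output is usually lowercase hex. The function names, file names and sample data are assumptions constructed for the demonstration.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Stream the file so large archives are not loaded into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()  # hashlib always returns lowercase hex


def load_iocs(lines) -> set:
    """Normalise IOC hashes: strip whitespace, lowercase, keep only valid SHA-256 hex."""
    iocs = set()
    for line in lines:
        value = line.strip().lower()
        if len(value) == 64 and all(c in "0123456789abcdef" for c in value):
            iocs.add(value)
    return iocs


def scan_jars(root: Path, iocs: set) -> list:
    """Return (path, sha256) for each JAR under root whose hash is in iocs.

    Files are selected by ZIP content as well as by extension, so a renamed JAR is still hashed.
    """
    hits = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and (path.suffix.lower() == ".jar" or zipfile.is_zipfile(path)):
            digest = sha256_file(path)
            if digest in iocs:
                hits.append((path, digest))
    return hits


def demo() -> list:
    """Constructed data: two tiny JARs in a temp dir; one hash is listed as an IOC in upper case."""
    with tempfile.TemporaryDirectory() as tmp:
        mods = Path(tmp) / "mods"
        mods.mkdir()
        for name in ("flagged-client.jar", "clean-mod.jar"):
            with zipfile.ZipFile(mods / name, "w") as z:
                z.writestr("META-INF/MANIFEST.MF", f"Implementation-Title: {name}\n")
        listed = sha256_file(mods / "flagged-client.jar")
        feed = ["  " + listed.upper() + " ", "not-a-hash"]  # mimics a feed with case and spacing noise
        return [p.name for p, _ in scan_jars(mods, load_iocs(feed))]
```

    Calling `demo()` returns the name of the one constructed file whose hash is in the feed; for real use, pass the mods directory and the advisory's hash list to `scan_jars` and `load_iocs`.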

    Reference:    

    https://gbhackers.com/hackers-spread-weedhack-malware/                       


    Tags

    Malware, SEO Poisoning, MaaS
