A malware-as-a-service campaign dubbed Weedhack has been targeting Minecraft players since January 2026, distributing malicious software disguised as game clients and mods via YouTube. The operation has already compromised approximately 86,000 systems and includes components such as CountLoader and cryptocurrency miners. The campaign highlights how gaming communities remain a significant vector for delivering credential-stealing and system-control malware at scale.

Architect’s Take: If your organisation permits personal devices or BYOD access to cloud workloads, ensure endpoint detection controls can identify MaaS-delivered loaders such as CountLoader, and audit whether compromised personal credentials could pivot into corporate cloud environments via SSO or reused passwords.

Original advisory: Weedhack Attacks Minecraft Users, CountLoader Hits 86K, Miners Spread via Pirated Content