The PolySwarm Blog

Verticals Targeted: Gaming, Cryptocurrency
Regions Targeted: US, Germany, India, UK, Italy, Vietnam, Canada, Norway, Sweden, Finland, Spain
Related Families: Weedhack

Executive Summary

Researchers have identified Weedhack, a Minecraft-focused Malware-as-a-Service (MaaS) operation active since at least January 2026 that distributes malware through YouTube promotion, SEO poisoning, and counterfeit Minecraft mod websites. The campaign combines credential theft, cryptocurrency wallet theft, Minecraft account hijacking, and premium remote-access capabilities including webcam surveillance, keylogging, screen sharing, and reverse shell access. Operators claim the platform has accumulated more than 116,000 hits and offers subscriptions starting at $5 USD per month, significantly lowering barriers to entry for aspiring cybercriminals and increasing risk to younger users within gaming communities.

Executive Summary

BunnyLoader malware as a service (MaaS) released its latest variant, BunnyLoader 3.0, in February. BunnyLoader 3.0 boasts multiple improvements, including a reduced payload size, keylogging capabilities, and a modular structure.

Executive Summary

AresLoader is a loader malware-as-a-service (MaaS) active in the wild since at least November 2022. AresLoader is designed to masquerade as legitimate software, while covertly downloading malicious payloads.