The PolySwarm Blog

From Minecraft Mods to Malware-as-a-Service: Inside the Weedhack Ecosystem

Jun 8, 2026 2:09:51 PM / by The Hivemind posted in Threat Bulletin, Malware-As-A-Service, MaaS, credential stealers, Weedhack, Minecraft Malware, Minecraft RAT, Ethereum Malware, EtherHiding, Gaming Cybercrime

Verticals Targeted: Gaming, Cryptocurrency
Regions Targeted: US, Germany, India, UK, Italy, Vietnam, Canada, Norway, Sweden, Finland, Spain
Related Families: Weedhack

Executive Summary

Researchers have identified Weedhack, a Minecraft-focused Malware-as-a-Service (MaaS) operation active since at least January 2026 that distributes malware through YouTube promotion, SEO poisoning, and counterfeit Minecraft mod websites. The campaign combines credential theft, cryptocurrency wallet theft, Minecraft account hijacking, and premium remote-access capabilities including webcam surveillance, keylogging, screen sharing, and reverse shell access. Operators claim the platform has accumulated more than 116,000 hits and offers subscriptions starting at $5 USD per month, significantly lowering barriers to entry for aspiring cybercriminals and increasing risk to younger users within gaming communities.

SantaStealer

Dec 23, 2025 12:13:07 PM / by The Hivemind posted in Threat Bulletin, Infostealer, Malware-As-A-Service, Emerging Threat, Windows Malware, credential theft, information stealer, C language malware, SantaStealer

Verticals Targeted: Not specified
Regions Targeted: Not specified
Related Families: BluelineStealer, ChromElevator

CastleRAT

Sep 15, 2025 2:37:49 PM / by The Hivemind posted in Threat Bulletin, Malware-As-A-Service, Emerging Threat, Phishing Attacks, CastleLoader, Remote Access Trojan, TAG-150, CastleRAT, malware infrastructure, command-and-control, anti-detection services, network intelligence

Verticals Targeted: Not specified 
Regions Targeted: US
Related Families: CastleLoader

Atomic Stealer Evolves

Jul 25, 2025 2:47:25 PM / by The Hivemind posted in Threat Bulletin, Malware-As-A-Service, Evolving Threat, Spear Phishing, Cryptocurrency Theft, macOS security, Atomic macOS Stealer, AMOS malware, macOS backdoor, persistent access, Moonlock cybersecurity

Verticals Targeted: Cryptocurrency, Freelancers, Artists
Regions Targeted: United States, France, Italy, United Kingdom, Canada, others
Related Families: None

BunnyLoader

Oct 9, 2023 12:00:10 PM / by The Hivemind posted in Threat Bulletin, Loader, BunnyLoader, Malware-As-A-Service, Cybercrime

Executive Summary

BunnyLoader is a recently discovered malware-as-a-service (MaaS) threat being sold on multiple forums. It was released in September 2023 and appears to be under active development, with feature updates and bug fixes available.
