From Minecraft Mods to Malware-as-a-Service: Inside the Weedhack Ecosystem
Jun 8, 2026 2:09:51 PM / by The Hivemind posted in Threat Bulletin, Malware-As-A-Service, MaaS, credential stealers, Weedhack, Minecraft Malware, Minecraft RAT, Ethereum Malware, EtherHiding, Gaming Cybercrime
Verticals Targeted: Gaming, Cryptocurrency
Regions Targeted: US, Germany, India, UK, Italy, Vietnam, Canada, Norway, Sweden, Finland, Spain
Related Families: Weedhack
MuddyWater Targets MENA Governments With Phoenix Backdoor
Nov 3, 2025 2:09:14 PM / by The Hivemind posted in Threat Bulletin, MuddyWater, Phishing Campaign, credential stealers, cyber espionage, Middle East targeting, VBA macros, FakeUpdate injector, Iran APT, Phoenix Backdoor, RMM tools
Verticals Targeted: Government
Regions Targeted: Middle East, North Africa
Related Families: Phoenix, FakeUpdate
Executive Summary
A phishing operation attributed to the Iran-linked APT MuddyWater is deploying an updated Phoenix backdoor for espionage against government and international entities in the Middle East and North Africa. The campaign sends macro-enabled Word documents from compromised, legitimate mailboxes; the VBA macros drop a custom injector (FakeUpdate) that loads the backdoor and establishes persistence. The use of already-trusted mailboxes for delivery underlines the group's reliance on trusted channels for initial access, and means sender reputation alone is not a reliable filter for this activity.
EvilAI
Oct 14, 2025 1:18:06 PM / by The Hivemind posted in EvilAI malware, AI-generated trojans, Node.js malware, credential stealers, AES-256-CBC encryption, social engineering attacks, infostealer payloads
Verticals Targeted: Manufacturing, Government, Healthcare, Technology, Retail, Education, Financial, Construction
Regions Targeted: India, US, Europe, Brazil, Canada
Related Families: None
Executive Summary
The EvilAI campaign distributes trojanized applications built from AI-generated code and signed with valid code-signing certificates, so the samples pass signature-based trust checks. The applications mimic legitimate software and use heavy obfuscation to evade detection, then deploy infostealer payloads that exfiltrate sensitive data and maintain persistent control over the host through C2 traffic encrypted with AES-256-CBC. Targets span manufacturing, government, healthcare, technology, retail, education, finance and construction across India, the US, Europe, Brazil and Canada. Because the binaries are validly signed, defenders should treat a signature as a weak indicator and rely on behavioural detection and certificate-issuer review rather than signature presence alone.