WeedHack is an active Malware-as-a-Service infostealer campaign that has infected over 116,000 systems since January 2026 by distributing trojanized Minecraft mod files via YouTube SEO poisoning. The enterprise risk is credential reuse: employees gaming on personal devices may carry harvested browser credentials, session cookies, and SSO tokens into corporate systems. The campaign does not exploit a Minecraft vulnerability — it exploits user trust in community mod distribution channels.