Menace actors are exploiting main Counter-Strike 2 (CS2) competitions, like IEM Katowice 2025 and PGL Cluj-Napoca 2025, to defraud avid gamers and steal their Steam accounts and cryptocurrency.
Though CS2 first launched 13 years in the past, it nonetheless maintains a large group of performs and an energetic skilled competitors panorama with multi-million rewards.
Characteristically, earlier this month, CS2 achieved a brand new peak participant depend of over 1.7 million concurrent gamers on Steam.
CS2 streamjacking marketing campaign
A malicious “Streamjacking” marketing campaign was noticed by Bitdefender Labs, focusing on the gaming group by impersonating widespread CS2 gamers.
The safety agency warns that the menace actors impersonate skilled CS2 gamers like s1mple, NiKo, and donk in reside streams on YouTube, selling pretend CS2 pores and skin and cryptocurrency giveaways.
Supply: Bitdefender
The channels that promote these scams are hijacked legit YouTube accounts, which the scammers rebrand as wanted to impersonate skilled gamers.
What they present in these livestreams is loops of previous gameplay footage, making it seem reside to anybody who hasn’t watched them earlier than.
QR codes or hyperlinks on these movies direct viewers to malicious web sites the place they’re requested to log in with their Steam account, supposedly to assert their presents or ship cryptocurrency to obtain double in return.
“As soon as logged in, victims unknowingly grant entry to scammers, permitting them to steal priceless skins and gadgets. If cryptocurrency is shipped, it’s instantly transferred to scammer-controlled wallets,” explains BitDefender.
Bitdefender says these scams usually use names of legit platforms like CS.MONEY or esports sponsorships to additional improve the deception.
Supply: Bitdefender
The right way to keep protected
Avid gamers needs to be cautious of those scams circulating on YouTube and presumably elsewhere, and they need to confirm claimed affiliations with official esports organizations earlier than coming into any delicate data on web sites.
Guarantees to double or triple crypto property by first sending some are at all times scams, with no exceptions.
To maintain Steam accounts protected, all customers ought to activate multi-factor authentication (MFA), allow ‘Steam Guard Cell Authenticator,’ and often evaluate login exercise for suspicious sign-ins.
On YouTube, solely watch movies from official professional participant accounts that you’ve subscribed to, and be suspicious once you see the identical gamers live-stream on different, even equally named channels.
Keep in mind that even legit YouTube channels may be hijacked to advertise scams, so no giveaways needs to be blindly trusted.