Cybercriminals are actively targeting large Counter-Strike 2 (CS2) competitions, like IEM Katowice 2025 and PGL Cluj-Napoca 2025, in an attempt to deceive gamers into compromising their Steam accounts and cryptocurrency.
Despite being released 13 years ago, CS2 (CS: GO) continues to have a massive audience and a thriving e-sports scene with multimillion-dollar prizes. In early February, the game reached a new milestone with over 1.7 million simultaneous players on Steam.
The fraudulent campaign, known as “streamjacking,” was uncovered by Bitdefender Labs specialists. Attackers impersonate professional CS2 players like S1mple, M0NESY, NIKO, and DONK, creating fake livestreams on YouTube. These fake streams promise free skins and cryptocurrency giveaways, luring viewers to click on malicious links.
The fraudsters hack YouTube accounts, renaming them to famous players, and broadcast edited footage of old games to make them appear as ongoing streams. The videos include QR codes and links to fake websites, where viewers are prompted to log in through Steam or send cryptocurrency with a promise of doubling their funds.
Upon gaining access to the victim’s account, scammers can exploit the Steam Profile, accessing valuable gaming items in the inventory. Any transferred cryptocurrency funds are immediately redirected to the cybercriminals’ wallets.
To appear more legitimate, scammers use logos of popular trading platforms like CS.Money and mention major e-sports tournament sponsors such as Intel and Lenovo.
Gamers are advised to be cautious and avoid trusting such streams. It is crucial to verify the official pages of professional players, utilize two-factor authentication to secure their Steam accounts, and monitor input activity closely. Any offers promising cryptocurrency doubling or free valuable items should be seen as clear indicators of fraud.