The popular Counter-Strike 2 shooter is facing a threat following the discovery of a vulnerability that allows attackers to access players’ personal data.
The attack takes place in a cunning and inconspicuous manner. The attacker modifies their nickname in the Steam profile to include HTML code with a link to an image in any format. Subsequently, the hacker initiates a vote in the game, such as one to “kick” a specific player. When other players see the voting window on their screens, the embedded malicious code in the image link is executed, resulting in the theft of connected gamers’ data.
In the video provided below, the attacker demonstrates their ability to retrieve the IP addresses of all players in the session. However, there is potential for other sensitive information to be obtained through this vulnerability.
The Counter-Strike 2 community strongly advises refraining from playing the game until the vulnerability is eliminated.