CS:GO hackers can inject malware to steal passwords; Valve yet to fix the vulnerability


A new vulnerability in CS:GO has come to light: The Secret Club, a not-for-profit reverse-engineering group, tweeted about a security flaw in the game that hackers can use to run programs on a user’s system.

The flaw, technically called a remote code execution flaw, potentially means hackers can steal skins and passwords and inject malware into a CS:GO player’s system.

Two years ago, members of The Secret Club discovered this vulnerability in Valve’s game and reported it to Valve through a bug-bounty platform called HackerOne.

Valve is a customer of HackerOne, which provides cybersecurity solutions to many other big companies, including Uber, Goldman Sachs, and Nintendo.


Hackers can exploit CS:GO’s critical security flaw to breach users’ systems

From what various reputable sources imply, the ethical hackers are under a non-disclosure agreement with the HackerOne platform, which deters them from disclosing the vulnerability to the public.

Judging from the videos in the Secret Club’s tweets, hackers can use Steam invites to access a user’s system through a remote code execution flaw that affects all Source engine games, including CS:GO, Titanfall 1, Titanfall 2, and Apex Legends, among others.

This is one of the first vulnerabilities that the Secret Club reported, and that was two years ago. To be precise, it was Florian from the Secret Club who reported it, and needless to say, Valve has yet to fix it.

In a second tweet on…

Source…