Threat actors are targeting gamers through a malicious “Streamjacking” campaign that exploits major Counter-Strike 2 (CS2) competitions such as IEM Katowice 2025 and PGL Cluj-Napoca 2025. Although CS2 has been around for over a decade, it still boasts a massive community and an active professional competition scene with multi-million-dollar rewards. Recently, CS2 reached a new milestone, with over 1.7 million concurrent players on Steam. The game’s large player base makes it a prime target for scammers who seek to exploit the ongoing interest in competitive gaming.
The scammers hijack legitimate YouTube channels of popular CS2 players like s1mple, NiKo, and donk, rebranding them to impersonate these professionals.
They livestream old gameplay footage, making it appear as though the stream is live, thus tricking viewers into believing they are watching a real event. In these streams, the scammers promote fake CS2 skin and cryptocurrency giveaways, enticing viewers to click on QR codes or links that direct them to malicious websites.
Once on the malicious websites, viewers are asked to log in with their Steam account to claim their alleged gifts or to send cryptocurrency in exchange for receiving double the amount in return. These requests are fraudulent, and once victims enter their credentials or send cryptocurrency, they unknowingly grant access to the scammers. The attackers then steal valuable CS2 skins and other in-game items or transfer the cryptocurrency to scammer-controlled wallets, leaving the victims with nothing.
To stay safe, gamers are advised to be cautious of these scams, which are also circulating on other platforms beyond YouTube. Bitdefender recommends that players verify any claimed affiliations with official esports organizations before providing sensitive information. Additionally, gamers should activate multi-factor authentication (MFA) on their Steam accounts, enable Steam Guard Mobile Authenticator, and regularly review login activity for suspicious signs. It’s also advised that viewers only watch livestreams from verified pro player accounts and be wary of channels with similar names or unverified giveaways, as even legitimate accounts can be hijacked for scams.
