M80 kick off Pro League!
LIVE
April 30, 2022 07:40PM
Written by Scoobster

xQc, Cooper hit by new CS:GO console exploit on stream

During a stream, xQc's in-game console was flooded with messages advertising a Discord channel that he was not affiliated with.

During a CS:GO case unboxing stream by former Overwatch pro and variety streamer Félix "xQc" Lengyel, his console was forced open to display a message with the text "uh oh" that included a link to a Discord server. This raises enormous security questions as it could mean an attacker had access to his console. He did not join a community server beforehand, which likely means that an outside entity had access to send that message through his console.

It can also be seen in the clip that a line that includes "P2P" flashes, which likely suggests that this malicious attack was perpetrated in a peer to peer manner, which means the attacker either has xQc's IP address somehow or is using an exploit in Steam to relay P2P traffic to him via Steam servers. In that same line are two empty steam64ids, which are likely the accounts that the exploit is being run from.

Austin "Cooper" Abadir, a streamer and player for Mythic, also reported a similar incident happening to him. Michael ‘Swisher’ Schmid tweeted that Tyler "tweiss" Weiss was also affected by the same exploit, which solidifies the argument that this exploit is inherent to Steam and is not simply due to a folly on xQc's behalf. Talking with Dust2.us, Cooper added that he has forwarded his experience to the CS:GO devs.

https://twitter.com/swishcs/status/1520539427730124801

Cooper additionally says that the perpetrator of his attack was seeking an advertisement for his YouTube channel. Without revealing the culprit, it is a YouTuber who uploads videos of himself using exploits to troll streamers in various games such as CS:GO, Minecraft, and Agar.io to his impressive 1,000 subscribers. While xQc's attacker is yet unknown, it is possible that both were committed by the same actor. Responding to a question asking if the suspected individual was behind the xQc attack, he responded, "Possibly why?"

It is unknown at this time whether the same exploit used to attack xQc, Cooper, and tweiss can be used on other Steam users. It is also unknown whether the exploit allows any further malicious activity further than displaying a text message via the in-game console. Just this, however, is threatening, as unfettered access to the console is dangerously close to remote code execution.

Also read: ESIC: "expect to see a great increase in the number of sanctions over the next 6 to 12 months"

Also read

stanislaw's BHOP look to be speed demons with new additions
0 comments
724 days ago
SolGoat takes medical leave
0 comments
725 days ago
#1(With 0 replies)
April 30, 2022 07:51PM
Jimbob
thats kinda funny
#2(With 0 replies)
April 30, 2022 08:45PM
TrvsF
when you close vPorts with someone (probably something to do with the party system [that also used to leak ips]) you can change the closing message displayed on console? 8/8 again valve. doesnt seem "dangerously close to remote code execution" tho
also looks like these are some of the accs doing the spamming based on steam ids
steamid.xyz/935997971
steamid.xyz/936031498
#3(With 0 replies)
April 30, 2022 10:26PM
B0b3rT
Wtf
You must be logged in to add a comment.
Latest activity
Shimmer picked up by an org
(0)
WICKED pick up dAVE
(0)
M80 go down at the finish line in EPL opener
(0)
slaxz-: "This is the time where we can finally see what we're capable of"
(0)
ESIC ban NA ESEA Advanced player for betting violations
(0)
Valve updates global rankings with new formula breakdown
(0)
Media: Wildcard in talks with Brazilian prodigy
(1)
s1n: "M80 is the best place where I can learn and grow as an IGL"
(4)
What to expect from M80 v. BetBoom
(0)
Broken printers, 19-hour days, and delays upon delays; GET Rio's disastrous weekend
(0)
Half of Party Astronauts stuck in travel day hell
(1)
Limitless Angels part ways with three
(0)
VINI: "[After the Major] we had a break, but the break was stupid"
(0)
Swisher: "It's always a nice feeling beating the teams that I know we are better than"
(0)
EliGE loses longest-tenured title
(0)
Join Dust2.us' Fantasy for ESL Pro League Groups A & B
(1)
M80 smash Liquid to claim Esports World Cup spot
(2)
Loagurt steps down from WICKED
(0)
Match overview
Live
ESL Challenger League Season 47 North America
Wildcard
Elevate
Live
ESL Challenger League Season 47 North America
Nouns
One More
10:00PM
ESL Challenger League Season 47 North America
One More
Nouns
10:00PM
ESL Challenger League Season 47 North America
Elevate
Wildcard
07:30AM
ESL Pro League Season 19
Falcons
TheMongolz
07:30AM
ESL Pro League Season 19
TYLOO
G2
10:30AM
ESL Pro League Season 19
3DMAX
fnatic
10:30AM
ESL Pro League Season 19
SAW
Virtus.pro
01:30PM
ESL Pro League Season 19
Eternal Fire
Imperial