Latest Steam scam likely a hoax as "Secret Club" makes mysterious appearance

M Alzamora Published 14/04/2021

“Fivetowns,” “Seventowns,” “Vote for my Counter-Strike: Global Offensive team…”

All players have heard these before. Steam has no shortage of scams trying to steal players’ passwords, games, and items from unsuspecting their inventories. But thankfully, the platform’s latest viral threat probably isn’t real at all. With that out of the way, the strange videos do seem to be trying to let players in on a secret.

When it comes to hacking and privacy, you never want to say never. But this week’s CSGO videos claiming to show hackers stealing passwords don’t make much sense at all.

The original video appeared when it was tweeted out by a group calling themselves the “Secret Club.” The account appeared two years ago, complete with a convincing blog and a story to tell. But the blogs break down towards the end, and this week’s post was far-fetched. The S.C claimed that it had found a remote code exploit in CSGO during the leak of the game’s source code two years ago and had alerted Valve, but the software developer ignored their heroic efforts.

Now, it said, they were releasing a video of the hack to force Valve to fix their code.

As you may know, @the_secret_club recently posted videos about Source Engine games RCE. I was also ignored by Valve for a year. Here’s the demonstration of my report. RCE can be achieved by connecting to a malicious server, then the chain will be completed when game is restarted. pic.twitter.com/oVGSjpYWTz
— Bien Pham (@bienpnn) April 12, 2021

The video claiming to show friend requests resulting in a hack started making the rounds on Twitter, startling some players into extra security measures like two-factor authentication and improved passwords just to be careful. Fair enough, because 2FA and a strong password are the least players can do, but the numerous videos released by the group got stranger and stranger.

A careful look at the clips fails to show any hacks at all, let alone anything like Secret Club suggests. In some, there is only a debugger often used to find misbehaving code. In others, just a calculator as the Secret Club member waves their mouse around without pause. They must like Windows gestures.

As of now, players aren’t in any danger from this specific problem. While breaking into a computer may not be as exciting in reality as it is in the movies, but one thing is probably accurate.

Most blackhat hackers probably aren’t still using Windows 7. And even though Microsoft’s browser is arguably better than Chrome, they’re still not using Edge. And if by some miracle S.C was using Windows and Edge, they’d at least have some respect and Windows Terminal Preview! But even though its a hoax, the Secret Club has sourced some pretty good code. While the videos and the end of its blogs probably aren’t real, whoever S.C is they’re very smart. Best-in-the-business smart.

So while it seems as though S.C poses no real risk at the moment, there’s no telling what it could do with that power in the future. Make enough noise and they might even catch Valve’s attention. No matter what, players should keep their eyes open.

S.C’s motives aren’t clear just yet, and with no confirmation from Valve as to whether players have anything to worry about, it’s worth it to turn on two-factor authentication just in case.

M Alzamora

About M Alzamora

There are few things that writer M Alzamora loves more in life than Pokemon. And there are even fewer things that she loves more than her favorite Pokemon, Eevee. But M’s appreciation for gaming isn’t just limited to Nintendo’s famous pocket monsters. She’s interested in every type of game across every genre of gaming, and she has the credentials to prove it. M’s work has also been seen on Working Classicists and gaming sites.

View full profile