Reports claim that the third-party CS2 client INUI isn’t safe to use, but is it?
Counter-Strike 2 remains one of the top esports titles, and thousands of players are eager to prove themselves. To do so, these players often use third-party clients like FACEIT, which have stricter anti-cheat measures and more competitive matchmaking. Of course, FACEIT isn’t the only third-party platform for CS2 matchmaking. INUI CS2 has quickly risen among many players as a third-party client option. Creators such as Nikola “Lobanjica” Mijomanović, Christopher “GeT_RiGhT” Alesund, and Richard “Shox” Papillon have previously promoted the platform.
However, some players allegedly found evidence that the INUI’s CS2 platform is dangerous to use.
Players allegedly found evidence that the INUI client has multiple security issues, including malware vulnerability and unauthorized desktop access.
A Reddit user has compiled a list of INUI’s most severe issues. The first claim primarily comes from Aqua, a notable CS2 data miner. He allegedly found cross-site scripting exploits, also know as XSS, that allow the INUI software to inject malware onto Steam accounts.
The second point from Twitter user Poggu claims INUI takes a screenshot of every CS2 user’s desktop every 10 seconds. Notably, the INUI platform does not disclose this alleged behavior. However, it’s worth noting that the source for this claim had their account deleted, leaving its authenticity uncertain. The third point speculates that INUI being registered in Dubai means it has lax regulations. The OP claims not to have found any INUI corporate records and criticized the company’s aggressive marketing campaign.
Some CS2 players claim INUI is a scam because of its ties to cryptocurrency.
INUI notably has a cryptocurrency called INUI Coin. Wary players note the close ties to cryptocurrency don’t mesh well with a secure platform.
“Crypto + video game combo is a giant red flag, and with the programs literally spying on users without disclosure, it almost always means some bulls–t is happening behind the scenes,” claimed one Reddit user.
Loba has seemingly responded to the post, stating, “It’s nice to know I’m the biggest name. They call INUI my platform, and I have legends like Shox and get_right working for me. Thank you for finding the XSS, it will be fixed today. However, you can’t get a job, but we appreciate your volunteering just like you do it for Valve in order to get a few likes and attention.”
Based on the wording, Loba may have confirmed that the XSS exploits were present. While the extent of Loba’s knowledge of INUI’s inner workings is uncertain, the statement doesn’t help quash player concerns about the platform. INUI has not officially responded to these claims as of this writing.
Players must be 21 years of age or older or reach the minimum age for gambling in their respective state and located in jurisdictions where online gambling is legal. Please play responsibly. Bet with your head, not over it. If you or someone you know has a gambling problem, and wants help, call or visit: (a) the Council on Compulsive Gambling of New Jersey at 1-800-Gambler or www.800gambler.org; or (b) Gamblers Anonymous at 855-2-CALL-GA or www.gamblersanonymous.org.