What is going on?
Creators such as Loba, Shox, Get_Right, … are promoting a third-party client like FACEIT using cryptocurrency.
This company promises to organise an "Operation" on the 16th of September where you most likely will be able to mine / receive their cryptocurrency or, as they call it, "Real Money".
Overview of issues.
Inui, a third-party client used for Counter-Strike and cryptocurrency-related activities, has shown significant security vulnerabilities and alarming privacy breaches. Tonight, multiple severe security risks and unethical practices associated with Inui have been found. These findings raise concerns about users' privacy and the potential for exploitation.
Key Findings
1. Cross-Site Scripting (XSS) Exploits
There were multiple successfully performed **Cross-Site Scripting (XSS)** attacks on Inui’s platform.
(https://x.com/aquaismissing/status/1833668717999243455)
**What is XSS?**
XSS is a type of security vulnerability typically found in web applications that allows attackers to inject malicious scripts into webpages viewed by other users. Once exploited, an XSS attack can be used to steal session cookies, sensitive user information, and in the case of Inui, access to **Steam accounts**.
**Dangers of XSS:**
XSS attacks on Inui can lead to:
- **Account Theft**: Attackers can steal users’ Steam credentials, leading to account takeovers.
- **Session Hijacking**: Attackers can impersonate users or initiate unauthorized transactions in crypto-related activities.
- **Data Exposure**: Sensitive personal data tied to both gaming and cryptocurrency profiles may be exposed.
These security gaps make users highly vulnerable to phishing attacks, unauthorized transactions, and identity theft. Given that XSS is preventable with proper input validation and security protocols, this represents a failure in basic web security standards.
2. Unauthorized Desktop Surveillance
(https://x.com/poggu__/status/1833666387950137621)
Inui’s application presents itself as an anti-cheat mechanism; however, Poggu discovered that it **takes a screenshot of your game and desktop every 10 seconds**. These actions were not disclosed in their privacy policy, rendering their practices **both illegal and unethical**.
**Privacy Concerns:**
- **Unlawful Data Collection**: Inui’s application is capturing your desktop activity, potentially including private information unrelated to the game, such as personal documents, banking information, or other sensitive data.
- **Lack of Consent**: This behavior is not disclosed in their privacy policy ([inui.com/privacy](https://inui.com/privacy)), violating data protection laws like GDPR, which require user consent for data collection.
- **Potential for Abuse**: This continuous surveillance could easily be abused by bad actors within the company or by external attackers who gain access to these captured images.
Such behavior constitutes **unlawful surveillance** and puts users at risk of having sensitive information harvested without their knowledge or permission.
3. Dubious Business Practices
Inui is registered in **Dubai**, a jurisdiction known for its lax regulations on tech companies, further raising questions about its legitimacy and accountability.
**No Corporate Record**: Upon investigation, I could not locate verifiable records of the company's registration or track record in delivering legitimate services.
**"Free Money" Offers**: Inui’s business model, which offers users **“free money”**, appears to be a deceptive marketing tactic, especially considering the security vulnerabilities I have uncovered. The combination of aggressive marketing and unsafe privacy practices makes this offer particularly suspicious.
Conclusion
Inui poses significant risks to its users. With exploitable security vulnerabilities like **XSS**, illegal **desktop surveillance**, and questionable **business practices**, it is clear that the platform is unsafe for use. Users should refrain from using Inui until these issues are addressed.
Recommendations
- Immediately cease using the Inui client.
- Change your Steam and crypto-related passwords and enable two-factor authentication.
- Report these practices to relevant authorities, including gaming and data protection regulators.
In light of these findings, users should be aware that continued use of Inui’s platform exposes them to significant security and privacy risks.
I hope everything is clear. In case there are more questions or thoughts, make sure to type them in the comments.
3 Comments
Extremely important post.
Wow wtf
Is operation their term?
Typically they call it a “drop”.
You register, and they release a portion of coins and spread it across those who register.
The goal being as more people register for future drops or mine them or trade via other coins, with the long term more coins being in circulation and being used and traded increasing “value”.
The trick is when it gets to a specific point, the owners of the coin release a large swath to themselves, cash out, and tank the value cause fuck everyone else.
Thank you for pointing all this out about their “shit coin”