Apex Legends

Electronic Arts has postponed the North American (NA) finals of the ongoing Apex Legends Global Series (ALGS) after hackers compromised players mid-match during the tournament.

ALGS is an esports tournament series where players compete in a fast-paced, strategic battle royale game. The series is structured around matches including qualifiers, regional competitions like the NA finals, and major tournaments culminating in a championship event with large prizes.

During Match 3 of the NA finals between the teams DarkZero and Luminosity, the game client for one of the players, Genburten, suddenly displayed a cheat tool called 'TSM HALAL HOOK.'

Cheat window
Cheat window (twitch.tv)

The cheat interface was displayed on his screen out of nowhere, featuring a mix of cheat configurations and unusual references, such as 'Vote Putin.'

The hack resulted in the player being able to see the positions of all other players on the map, giving him an unfair competitive advantage. This forced Genburten to quit the game, leaving his team with one less player.

TSM Halal Hook game cheat that appeared mid-match
TSM Halal Hook game cheat that appeared mid-match

Instead of voiding the match, EA announced Luminosity as the winner on X and moved on to Match 4.

The hacker struck again, this time giving player 'ImperialHal' an aimbot. The tournament admins eventually intervened and shut down the match.

The hacks were believed to have been conducted by hackers using the aliases 'Destroyer2009' and 'R4ndom,' whose names were shown in Genburten's chat window as the hack was activated.

Hacked remotely activated in Genburten's client
Hacked remotely activated in Genburten's client

Shortly after, the official Apex Legends Esports account on X announced that the NA finals would be postponed until they could secure the events from external interference.

tweet

A person claiming to be Destroyer 2009 later told X user 'Anti-Cheat Police Department' that they used a remote code execution vulnerability to hack the players' clients. The alleged threat actor did not specify if the flaw was in the Apex Legends client, Easy Anti-Cheat software, or another software.

A remote code execution vulnerability is a software bug that allows remote attackers to execute code on a targeted device. Attackers usually trigger RCE flaws on internet-exposed devices to hijack systems or install additional payloads.

There are no specific criteria as to how this can be done as there are a wide range software bugs that could lead to RCE. As long as a remote attacker (even someone on your LAN) can remotely cause code to be executed on a device, it is considered a remote code execution vulnerability.

Numerous theories exist about how the ALGS hacks were conducted, including an RCE bug in the Apex Legends game client, a bug in Easy Anti-Cheat, or the players' devices being already compromised before the matches.

Easy Anti-Cheat shared an update today stating that they are confident their software has no RCE flaw.

"We have investigated recent reports of a potential RCE issue within Easy Anti-Cheat," tweeted Easy Anti-Cheat.

"At this time - we are confident that there is no RCE vulnerability within EAC being exploited. We will continue to work closely with our partners for any follow up support needed."

The game's developers have not yet confirmed anything, so it is unknown if the impacted players were compromised earlier or hacked on the fly during the matches.

However the hacks happened, this is an unprecedented occurrence in ALGS history, as there has never been a case of players hacked mid-match, causing the suspension of a tournament.

Related Articles:

Xbox is down worldwide with users unable to login, play games