Electronic Arts has postponed the North American finals of the ongoing Apex Legends Global Series after hackers compromised players mid-match during the tournament.
ALGS is an esports tournament series where players compete in a fast-paced, strategic battle royale game.
The series is structured around matches including qualifiers, regional competitions like the NA finals, and major tournaments culminating in a championship event with large prizes.
During Match 3 of the NA finals between the teams DarkZero and Luminosity, the game client for one of the players, Genburten, suddenly displayed a cheat tool called 'TSM HALAL HOOK.'.
The hack resulted in the player being able to see the positions of all other players on the map, giving him an unfair competitive advantage.
This forced Genburten to quit the game, leaving his team with one less player.
The hacker struck again, this time giving player 'ImperialHal' an aimbot.
The tournament admins eventually intervened and shut down the match.
The hacks were believed to have been conducted by hackers using the aliases 'Destroyer2009' and 'R4ndom,' whose names were shown in Genburten's chat window as the hack was activated.
The official Apex Legends Esports account on X announced that the NA finals would be postponed until they could secure the events from external interference.
A person claiming to be Destroyer 2009 later told X user 'Anti-Cheat Police Department' that they used a remote code execution vulnerability to hack the players' clients.
The alleged threat actor did not specify if the flaw was in the Apex Legends client, Easy Anti-Cheat software, or another software.
Attackers usually trigger RCE flaws on internet-exposed devices to hijack systems or install additional payloads.
Numerous theories exist about how the ALGS hacks were conducted, including an RCE bug in the Apex Legends game client, a bug in Easy Anti-Cheat, or the players' devices being already compromised before the matches.
Easy Anti-Cheat shared an update today stating that they are confident their software has no RCE flaw.
The game's developers have not yet confirmed anything, so it is unknown if the impacted players were compromised earlier or hacked on the fly during the matches.
However the hacks happened, this is an unprecedented occurrence in ALGS history, as there has never been a case of players hacked mid-match, causing the suspension of a tournament.
Hackers mint 1.79 billion crypto tokens from PlayDapp gaming platform.
SEC confirms X account was hacked in SIM swapping attack.
Payoneer accounts in Argentina hacked in 2FA bypass attacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 18 Mar 2024 16:15:03 +0000