Players of Apex Legends Fear an RCE Vulnerability Following ALGS Hacks

Electronic Arts has postponed the current Apex Legends Global Series (ALGS) North American (NA) finals after players were hacked mid-match.

ALGS is an esports tournament series in which players compete in the fast-paced, strategic battle royale game Apex Legends. The matches in the series are organized into three categories: qualifications, big tournaments that lead to a championship event with substantial rewards, and regional events like the NA finals.

A hack tool named "TSM HALAL HOOK" unexpectedly appeared in the game client of one of the players, Genburten, during the third match of the NA finals between the teams DarkZero and Luminosity.

The cheat interface suddenly appeared on his screen, showing a variety of cheat configurations and odd references like "Vote Putin." The hack gave the player an unfair competitive edge because he could see every other player's position on the map. Genburten was compelled to leave the game as a result, which meant his team lost one player.


EA declared Luminosity the winner on X and proceeded to Match 4 rather than nullifying the match. Once more, the hacker gained access to player accounts for "ImperialHal" and "aimbot." After a while, the tournament administrators stepped in and ended the contest.

Hackers using the nicknames "Destroyer2009" and "R4ndom," whose names were displayed in Genburten's chat window as soon as the hack was launched, were thought to be responsible for the attacks.


Not too long afterward, the official Apex Legends Esports account on X declared that they would be delaying the NA finals until they could ensure that there would be no outside tampering with the events.


Later, a person posing as Destroyer2009 told X user “Anti-Cheat Police Department” that they had hacked the gamers' clients by exploiting a remote code execution vulnerability. The purported threat actor did not say whether the problem was with the Easy Anti-Cheat program, the Apex Legends client, or some other piece of software.

A software defect that permits remote attackers to run code on a targeted device is known as a remote code execution vulnerability. On devices exposed to the internet, attackers typically use RCE vulnerabilities to take control of systems or install extra payloads.

Because many kinds of software vulnerabilities can lead to RCE, there is no single way in which it is accomplished. A remote code execution vulnerability exists if an attacker can remotely execute code on a device, even if they are on your local area network.

There are several possibilities regarding how the ALGS hacks were carried out, such as the use of an RCE bug in the Apex Legends game client, an Easy Anti-Cheat bug, or player devices being compromised before the matches. In a recent update, Easy Anti-Cheat expressed confidence that their program is free of RCE vulnerabilities.

“We have investigated recent reports of a potential RCE issue within Easy Anti-Cheat. At this time - we are confident that there is no RCE vulnerability within EAC being exploited. We will continue to work closely with our partners for any follow-up support needed.” tweeted Easy Anti-Cheat.

It is unknown whether the affected players were hacked on the spot during the matches, or whether the game's developers have confirmed anything yet. Regardless of how the hacks occurred, this is a first in ALGS history: there has never before been a situation in which players were hacked in the middle of a match, leading to a tournament suspension.