Apex Legends logo

[updated] Apex Legends Global Series plagued by hackers

The North American finals of online shooter game Apex Legends has been postponed after games were disrupted by hacking incidents.

Apex Legends, published by EA, is currently in an important stage of its Global Series, the regional finals mode. This is a big deal for the top players since there is a $5 million prize pool, with a few of the top teams in each region set to battle it out in the finals.

But on Monday, the Apex Legends official X account tweeted that it had postponed the contest after deciding the “competitive integrity” of the series had been compromised.

According to PCGamer, there were at least two major incidents:

“First, Noyan “Genburten” Ozkose of DarkZero suddenly found himself able to see other players through walls, then Phillip “ImperialHal” Dosen of TSM was given an aimbot.”

An aimbot is a program or patch that allows the player to cheat by having the character’s weapon aimed automatically. Using cheats like those would lead to immediate disqualification and total loss of respect if done on purpose.

The volunteers of the Anti-Cheat Police Department warned players against playing any games protected by Easy Anti-Cheat (EAC) or any EA titles for a while, because they suspected a Remote Code Execution (RCE) exploit was being used against the players.

However, recent developments point less toward an RCE being the cause and more to an actual infection on the players’ computers. In a livestream, affected gamer ImperialHal spoke to the former Lead of Application Security at Blizzard Entertainment, “PirateSoftware,” who has been investigating the attacks.

ImperialHal used Malwarebytes to scan his machine. Although the scan didn’t reveal any malware, Malwarebytes flagged an inbound connection attempt on an RDP (Remote Desktop Protocol) port. This could be an indication that an attacker was looking for a way to access ImperialHal’s computer.

Malwarebytes flags a suspicious IP address

PirateSoftware concluded that it might be trying to connect to a Trojan:

“I don’t see evidence of Apex having RCEs. It does not mean that it’s impossible but I still don’t see evidence, while I do see evidence of him having direct access to your machine.”

Update March 26, 2024

Epic Online Services has stated that:

We have investigated recent reports of a potential RCE issue in Apex Legends, which we have confirmed to be unrelated to Easy Anti-Cheat. We are confident THERE IS NO RCE vulnerability within EAC being exploited.

Respawn also came with a statement:

On Sunday, a few professional Apex Legends players accounts were hacked during an ALGS event.

Game and player security are our highest priorities, which is why we paused the competition to address the issue immediately.

Our team have deployed the first of a layered series of updates to protect the Apex Legends player community and create a secure experience for everyone.

Thank you for your patience.

Protect yourself

We recommend that all gamers scan their computers with reliable security software. Malwarebytes Premium for Windows’ Brute Force Protection feature blocked the connection from being made to ImperialHal’s computer, so make sure you enable that feature.


We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.