Wow it finally happened. So glad I switched to steam running on linux mint last week. I refused to install helldivers because it wanted to install some no holds barred god level permissions anti-cheat software. Windows 11 was the last straw for me. Good times…
The volunteers at the Anti-Cheat Police Department have since issued a PSA announcing, “There is currently an RCE exploit being abused in [Apex Legends]” and that it could be delivered via from the game itself, or its anti-cheat protection. “I would advise against playing any games protected by EAC or any EA titles”, they went on to say.
As for players of the tournament, they strongly recommended taking protective measures. “It is advisable that you change your Discord passwords and ensure that your emails are secure. also enable MFA for all your accounts if you have not done it yet”, they said, “perform a clean OS reinstall as soon as possible. Do not take any chances with your personal information, your PC may have been exposed to a rootkit or other malicious software that could cause further damage.”
Considering it’s two high profile players, I’d say the most likely is that they were tricked into downloading something, or some other software they were using had an exploit (I’ve had one from a browser plugin before now). There’s a video elsewhere in this thread of one of them downloading Malwarebytes for something, so maybe they didn’t manage to get rid of whatever it was.
Other option is an exploit on the server. Maybe there’s some way of sending malformed data to a player you’re not currently in a game with to exploit an RCE. It’s not completely impossible, but I figure we’d see it a lot more if that was the case.
I’d put money on option 1 though.