Malicious actors are weaponizing anti-cheat systems against their opponents. TechCrunch reports that a hacker known as Vizor claims to have exploited a flaw in Call of Duty's (CoD) Ricochet anti-cheat system to ban thousands of legitimate players.
The Ricochet anti-cheat system, released in 2021, runs at the kernel level. One method it uses to detect cheaters is scanning the player’s device memory for strings related to cheat software.
According to the hacker, they banned “thousands upon thousands” of CoD players by just sending private messages containing specific trigger words, such as “Trigger Bot.” The anti-cheat system then flags the behavior as cheating, regardless of the context.
Vizor told TechCrunch they even used automation to ban random players while on vacation.
Previously, Activision detected a strange spike in CoD cheaters, leading to account bans, and even boasted about that on X. In a single week of August, the Ricochet team banned 65,000 accounts.
🛡️ #MW3 #Warzone #TeamRICOCHET
Call of Duty Updates (@CODUpdates) August 2, 2024
The RICOCHET Anti-Cheat team has now purged the Ranked Play leaderboards in both Call of Duty: Warzone and #MWIII, banning accounts for cheating and boosting. #TeamRICOCHET has accelerated cheat vendor enforcements resulting in over 65,000 account…
Later, the team claimed it identified and disabled a “workaround to a detection system” that impacted a “small number” of legitimate players, downplaying the issue.
📢 #MW3 #Warzone #TeamRicochet
Call of Duty Updates (@CODUpdates) October 17, 2024
RICOCHET Anti-Cheat identified and disabled a workaround to a detection system in Modern Warfare III and Call of Duty: Warzone that impacted a small number of legitimate player accounts. We have restored all accounts that were impacted. An…
Some players expressed frustration in the replies.
“Yet I'm still banned, at this point, I've given up on CoD. I spend so much money on my account. I'm done with CoD, I've lost so much money and all the hours I put into the camos. I give up,” one user posted.
Vizor detailed the exploit to cheat developer Zebleer, and they shared it on X.
Modern anti-cheats and other security solutions scan for signatures to identify malware or other malicious software, which requires creating a unique signature (hash) for each version of the malicious app. Ricochet, according to the hackers, instead uses plain text strings as signatures, such as “Screenshot counter,” “Trigger Bot,” “B.u.b.b.l.e. .E.S.P,” and others. The anti-cheat is triggered when these strings are detected in the working memory.
“This might sound reasonable at first glance since ‘Trigger Bot’ is a common occurrence in cheat menus. Surely, you are using one if this phrase is found in your game, right? Well, unfortunately for Ricochet, that’s not the case. If someone sends a message in-game chat, that message will be in your game's memory. Someone sends you a friend request – their name will be in your game’s memory,” Zebleer shared an explanation, which they credited to Vizor.
According to the hackers, for some time, it has been possible to get people permanently banned just by sending them a friend request or posting a message in the in-game chat, such as “Nice Trigger Bot, dude!”
“I even heard of someone who made an AutoHotkey script to spam join Warzone lobbies and post messages in the chat to get anyone in the lobby banned,” hackers said. “This is the result of major oversight from the Ricochet team by using improper signatures.”
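The false positive described above can be reproduced in a small model. The following is an added example, not Ricochet's code or anything published by the people quoted: the region layout, the `untrusted` tag, and the names `game.exe` and `injected.dll` are constructed assumptions, and only the signature strings come from the article. It compares a scan that matches plain strings anywhere in memory with one that ignores buffers holding data received from other players.

```python
from dataclasses import dataclass

# Plain-text signatures quoted in the article.
SIGNATURES = [b"Trigger Bot", b"Screenshot counter"]

@dataclass
class Region:
    name: str        # constructed label for the memory region
    origin: str      # "module" = mapped image, "heap" = runtime data
    untrusted: bool  # True if the bytes arrived from another player
    data: bytes

def naive_scan(regions):
    """Flag a signature wherever it appears, ignoring where the bytes came from."""
    return [(r.name, s.decode()) for r in regions for s in SIGNATURES if s in r.data]

def scoped_scan(regions, allowed_modules):
    """Count hits only in mapped modules that are not on the allow-list.

    Buffers holding remote input (chat, friend names) are skipped, because
    another player chooses their contents.
    """
    hits = []
    for r in regions:
        if r.untrusted or r.origin != "module" or r.name in allowed_modules:
            continue
        hits.extend((r.name, s.decode()) for s in SIGNATURES if s in r.data)
    return hits

# Constructed sample: a legitimate player who received a chat message.
LEGIT_PLAYER = [
    Region("game.exe", "module", False, b"render loop; netcode; ui"),
    Region("chat_buffer", "heap", True, b"Nice Trigger Bot, dude!"),
]

# Constructed sample: a process with an extra module carrying menu strings.
CHEATER = [
    Region("game.exe", "module", False, b"render loop; netcode; ui"),
    Region("injected.dll", "module", False, b"menu: Trigger Bot\x00Screenshot counter"),
    Region("chat_buffer", "heap", True, b"gg"),
]

if __name__ == "__main__":
    allowed = {"game.exe"}
    print("naive, legit  :", naive_scan(LEGIT_PLAYER))
    print("scoped, legit :", scoped_scan(LEGIT_PLAYER, allowed))
    print("scoped, cheat :", scoped_scan(CHEATER, allowed))
```

The model assumes the scanner can tell which regions hold remote input; in a real client that provenance has to be established by the game itself.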
Activision did not respond to TechCrunch’s request for comment. The Ricochet anti-cheat initiative is a multi-faceted approach to combat cheating. It includes server-side tools that monitor analytics. The PC kernel-level driver monitors and reports applications that attempt to interact with protected titles.