Hacker claims to have banned thousands of CoD players through anti-cheat exploit


Malicious actors are weaponizing anti-cheat systems against their opponents. TechCrunch reports that a hacker known as Vizor claims to have exploited a flaw in Call of Duty's (CoD) Ricochet anti-cheat system to ban thousands of legitimate players.

The Ricochet anti-cheat system, released in 2021, runs at the kernel level. One method it uses to detect cheaters is scanning the player’s device memory for strings related to cheat software.

According to the hacker, they banned “thousands upon thousands” of CoD players by just sending private messages containing specific trigger words, such as “Trigger Bot.” The anti-cheat system then flags the behavior as cheating, regardless of the context.

Vizor told TechCrunch they even used automation to ban random players while on vacation.

Previously, Activision detected a strange spike in CoD cheaters, leading to account bans, and even boasted about that on X. In a single week of August, the Ricochet team banned 65,000 accounts.

Later, the team claimed it identified and disabled a “workaround to a detection system” that impacted a “small number” of legitimate players, downplaying the issue.

Some players expressed frustration in the replies.

“Yet I'm still banned, at this point, I've given up on CoD. I spend so much money on my account. I'm done with CoD, I've lost so much money and all the hours I put into the camos. I give up,” one user posted.

Vizor detailed the exploit to cheat developer Zebleer, and they shared it on X.

While modern anti-cheats and other security solutions scan signatures to identify malware or other malicious software, they require creating a unique signature (hash) for each version of the malicious app. However, Ricochet, according to the hackers, uses plain text strings as signatures, such as “Screenshot counter,” “Trigger Bot,” “B.u.b.b.l.e. .E.S.P,” and others. The anti-cheat is triggered when these strings are detected in the working memory.

“This might sound reasonable at first glance since “Trigger Bot” is a common occurrence in cheat menus. Surely, you are using one if this phrase is found in your game, right? Well, unfortunately for Ricochet, that’s not the case. If someone sends a message in-game chat, that message will be in your game's memory. Someone sends you a friend request – their name will be in your game’s memory,” Zebleer shared an explanation, which they credited to Vizor.

According to the hackers, for some time it has been possible to get people permanently banned just by sending them a friend request or posting a message in the in-game chat, such as “Nice Trigger Bot, dude!”

“I even heard of someone who made an AutoHotkey script to spam join Warzone lobbies and post messages in the chat to get anyone in the lobby banned,” the hackers said. “This is the result of major oversight from the Ricochet team by using improper signatures.”
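The false positive described above can be reproduced in a small model. This is an added example, not Ricochet's code or anything from the article: the `Region` type, the owner labels and the `untrusted` flag are assumptions, and the memory contents are constructed samples. It compares a scan that matches plain-text signatures anywhere in memory with one that ignores buffers whose contents another player controls.

```python
from dataclasses import dataclass

# Plain-text signatures quoted in the article.
SIGNATURES = [b"Trigger Bot", b"Screenshot counter"]

@dataclass
class Region:
    owner: str       # hypothetical label for what allocated the region
    untrusted: bool  # True if the bytes come from other players (chat, names)
    data: bytes

def naive_scan(regions):
    """Flag any signature found anywhere in memory, regardless of origin."""
    return [(r.owner, s) for r in regions for s in SIGNATURES if s in r.data]

def provenance_aware_scan(regions):
    """Skip buffers filled with remotely supplied text before matching."""
    return [(r.owner, s) for r in regions
            if not r.untrusted
            for s in SIGNATURES if s in r.data]

# Constructed sample: a legitimate player who received a chat message and
# a friend request whose sender name happens to equal a signature.
clean_player = [
    Region("game.exe:.rdata", False, b"Loading map...\x00Settings\x00"),
    Region("chat_buffer", True, b"Nice Trigger Bot, dude!\x00"),
    Region("friend_requests", True, b"Screenshot counter\x00"),
]

# Constructed sample: a player with a cheat menu mapped into the process.
cheating_player = [
    Region("game.exe:.rdata", False, b"Loading map...\x00"),
    Region("injected_module", False,
           b"[x] Trigger Bot\x00[ ] Screenshot counter\x00"),
    Region("chat_buffer", True, b"gg\x00"),
]

if __name__ == "__main__":
    for name, mem in (("clean", clean_player), ("cheating", cheating_player)):
        print(name, "naive:", naive_scan(mem))
        print(name, "provenance-aware:", provenance_aware_scan(mem))
```

The naive scan flags the clean player twice, once for the chat message and once for the friend request, while the provenance-aware scan flags only the injected module.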

Activision did not respond to TechCrunch’s request for comment. The Ricochet anti-cheat initiative is a multi-faceted approach to combat cheating. It includes server-side tools that monitor analytics. The PC kernel-level driver monitors and reports applications that attempt to interact with protected titles.