Hackers Remotely Hijack Apex Legends to Control Player

Attackers have exploited a significant security vulnerability in Apex Legends, enabling them to remotely control player inputs during active gameplay.

The incident came to light when Respawn Entertainment disclosed the vulnerability through their official social media channels on January 10, 2026.

This represents a notable breach in the competitive gaming environment, allowing malicious actors to interfere with other players’ actions without their knowledge or consent.

The security flaw demonstrates how game client vulnerabilities can be exploited to compromise player experience and competitive integrity.

The attack operates by enabling attackers to seize control of keyboard and mouse inputs from targeted players while they are engaged in matches.

Players suddenly found their characters performing actions they did not initiate, including unintended movement, ability usage, and weapon deployment.

The remote input hijacking capability creates an unfair advantage for attackers and directly impacts the gaming experience of victims who lose control of their characters mid-gameplay.

This type of vulnerability raises concerns about the security infrastructure protecting online multiplayer games and the potential for similar exploits across other gaming platforms.

Respawn analysts identified the incident after investigating reports from affected players experiencing unusual character behavior.

The company’s initial assessment revealed that attackers were not executing remote code or performing injection attacks on the game client.

Instead, the exploit appears to operate through a different mechanism that specifically targets input handling mechanisms within Apex Legends.

This distinction is crucial because it suggests the vulnerability exists within a specific component of the game rather than compromising the entire system.

Input Hijacking Mechanism and Attack Vector

The input hijacking exploit works by intercepting communications between the player’s input devices and the game client.

Rather than requiring complete system compromise, the attack targets the pathway through which player actions reach the game server.

The vulnerability allows attackers to inject unauthorized input commands that the game processes as legitimate player actions.

This technique bypasses the normal authentication checks for player inputs, making it appear to the game server that the hijacked actions originated from the legitimate player account.

The technical implementation likely involves intercepting network packets or memory spaces where input data is stored before transmission to the game server.

By understanding how Apex Legends processes keystroke and mouse movement data, attackers developed a method to insert their own commands into this pipeline.

The game client accepts these injected inputs without detecting the intrusion, resulting in remote player control.

Respawn’s statement clarifying that remote code execution was not involved indicates the vulnerability exists at the input validation level rather than at deeper system layers.

The team actively worked on developing patches to validate input sources and implement additional security checks to prevent future unauthorized command injection attempts.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.