Chinese Tencent-owned Riot Games installs rootkit on every League of Legends players’ computer

With 14.9, Vanguard, Riot’s proprietary Anti-Cheat system will be deployed and active in League of Legends. This means that active enforcement of Vanguard will be in effect and working hard to make sure your queues are free from scripters, botters, and cheaters! We recently released a blog detailing the “why” behind bringing Vanguard to League that you can check out here. It’s a bit of a long read, but it does have some pictures.

Lilu Cabreros in the League of Legends patch notes

The basic gist is that Vanguard is a closed-source, kernel-level rootkit for Windows that runs at all times, with the supposed goal of detecting and banning cheaters from playing League of Legends. This being a rootkit designed specifically to inject itself into the Windows kernel, it won’t work on Linux, and as such, the entire League on Linux community, which has been playing League for years now and even at times communicated with Riot employees to keep the game running, is now gone.

Interestingly enough, Riot is not implementing Vanguard on macOS, which League of Legends also supports – because Apple simply doesn’t allow it.

This is probably the most invasive, disturbing form of anticheat we’ve seen so far, especially since it involves such a hugely popular game. It’s doubly spicy because Riot Games is owned by Tencent, a Chinese company, which means a company owned and controlled by the Chinese government now has rootkits installed on the roughly 150 million players’ computers all over the world. While we’re all (rightly, in my opinion) worried about TikTok, China just slipped 150 million rootkits onto computers all over the world.

One really has to wonder where these increasingly invasive, anti-privacy and anti-user anticheat measures are going from here. Now that this rootkit can keep tabs on literally every single thing you do on your Windows computer, what’s going to be the next step? Anticheat might have to move towards using webcams to watch you play to prevent you from cheating, because guess what? The next level of cheating is already here, and it doesn’t even involve your computer.

Earlier this year, hardware maker MSI showed off a gaming monitor that uses “AI” to see what’s going on on your monitor, and then injects overlays onto your monitor to help you cheat. MSI showed off how the monitor will use the League of Legends minimap to follow enemy champions and other relevant content, and then show warnings on your screen when enemies approach from off-screen. All of this happens entirely on the monitor’s hardware, and never sends any data whatsoever to the computer it’s attached to. It’s cheating that literally cannot be detected by anything running on your computer, rootkit or not.

So, the only logical next step as such forms of cheating become more advanced and widespread is to force users to turn on their webcams, and point them at their displays.

I fired up League of Legends today on my gaming computer – which runs Linux, of course – and after the League client “installed” the rootkit, it just got stuck in an endless loop of asking me to restart the client. I’ve been playing League of Legends for close to 14 years, and while I know the game – and especially its community – has a deservedly so bad reputation, I’ve always enjoyed the game with friends, and especially with my wife, who’s been playing for years and years as well.

Speaking of my wife – even though she runs Windows and could easily install the rootkit if she wanted to, she has some serious doubts about this. When I explained what the Vanguard rootkit can do, her mouse pointer slowly moved away from the “Update” button, saying, “I’m not so sure about this…”

52 Comments

  1. 2024-05-01 10:47 am
    • 2024-05-01 1:50 pm
      • 2024-05-05 8:56 am
  2. 2024-05-01 11:41 am
    • 2024-05-02 4:21 am
  3. 2024-05-01 11:58 am
    • 2024-05-01 12:18 pm
      • 2024-05-01 1:01 pm
        • 2024-05-01 1:10 pm
          • 2024-05-01 4:22 pm
      • 2024-05-01 1:46 pm
        • 2024-05-01 3:47 pm
        • 2024-05-02 9:50 am
          • 2024-05-02 9:58 am
          • 2024-05-02 11:06 am
          • 2024-05-02 12:04 pm
      • 2024-05-01 2:06 pm
      • 2024-05-01 4:24 pm
        • 2024-05-01 6:02 pm
          • 2024-05-02 1:04 am
  4. 2024-05-01 12:12 pm
    • 2024-05-02 4:23 am
      • 2024-05-02 10:43 am
  5. 2024-05-01 1:40 pm
    • 2024-05-02 9:57 am
      • 2024-05-02 10:03 am
    • 2024-05-02 10:18 am
      • 2024-05-02 10:20 am
      • 2024-05-04 4:32 am
  6. 2024-05-01 3:30 pm
    • 2024-05-01 3:35 pm
    • 2024-05-02 10:23 am
      • 2024-05-02 11:51 am
        • 2024-05-02 11:51 pm
          • 2024-05-03 10:12 am
  7. 2024-05-02 1:52 am
    • 2024-05-02 5:01 am
  8. 2024-05-02 4:01 am
    • 2024-05-02 4:23 am
    • 2024-05-04 4:50 am
  9. 2024-05-02 4:16 am
  10. 2024-05-02 4:16 am
    • 2024-05-02 4:18 am
    • 2024-05-02 4:25 am
      • 2024-05-02 5:34 am
  11. 2024-05-02 10:19 am
  12. 2024-05-02 10:34 am
    • 2024-05-02 12:38 pm
      • 2024-05-03 12:11 am
        • 2024-05-03 9:21 am
  13. 2024-05-02 4:11 pm