Blizzard warns World of Warcraft users over “dangerous Trojan” being used to compromise accounts

By Stephany Nunneley, Friday, 3 January 2014 16:38 GMT

Blizzard has warned World of Warcraft users of a “dangerous Trojan” being used to compromise player accounts – even if the firm’s authenticator is being used for protection. Issues stemming from the Trojan appear to be stemming from a fakeversion of the Curse Client.

According to Blizzard, to rid yourself of the hateful program, remove the false client and run Malwarebytes. That simple.

“The trojan is built into a fake (but working) version of the Curse Client that is downloaded from a fake version of the Curse Website,” said Blizzard. “This site was popping up in searches for “curse client” on major search engines, which is how people were lured into going there.

“At this point, it seems the easiest method to remove the trojan is to delete the fake Curse Client and run scans from an updated Malwarebytes. Should you still have issues, there is a more manual method posted earlier in the thread. Most security programs should be able to identify this threat shortly.”

As if DDoS attacks weren’t enough already, Blizzard reported earlier today that the Trojan reportedly acts in “real-time” by stealing both player account information and the authenticator password upon being entered.

The firm said if players find they have been compromised and find it on their system, to reply to a forum thread set up containing system MSInfo, a list of recent add-ons and programs installed along with where they were acquired, and any security programs run and their results.

Sometimes we include links to online retail stores. If you click on one and make a purchase we may receive a small commission. For more information, go here.