Trojan compromising World of Warcraft accounts, even if you’re using the authenticator

World of Warcraft accounts compromised by Trojan

As if the impotent DDoS attacks made by DERP on weren’t irritating enough, Blizzard is now warning World of Warcraft players that their accounts might have been compromised by a Trojan that steals player account information and authenticator passwords when they are entered. 

Initially, Blizzard was unable to find a solution for those hit by the virus, and suggested they reformat their systems. Thankfully, they have recently discovered the source of the problem along with a way to remove the offending virus.

On the Blizzard forums, technicians revealed that the culprit was a fake Curse client. “The trojan is built into a fake (but working) version of the Curse Client that is downloaded from a fake version of the Curse Website. This site was popping up in searches for “curse client” on major search engines, which is how people were lured into going there.”

If you’re a victim of this, remove the client and scan using an updated Malwarebytes. A manual route has also been presented on the forums if that doesn’t fix the problem.

It looks like some folk are really trying to fill their yearly asshole quota in record time this year.