World of Warcraft Add-on Trojan Steals Account, Authenticator Info
Posted on: 2014-01-04 14:23:39 By Connor Sheridan @ CVG A Trojan masquerading as a popular add-on for World of Warcraft was responsible for compromising user accounts even with authenticators, Blizzard has revealed. According to a post on the MMORPG's support forum, a fake version of the Curse Client contained the trojan. The spoofed client appeared on a forged version of Curse's website, which ranked highly on major search engines for the term "curse client." The hacked Curse Client transmitted account information, passwords, and even authenticator keys to the attackers as part of the login process, but otherwise functioned normally. Blizzard recommends that users who believe they may have been compromised delete the client and run the latest version of Malwarebytes, then follow the steps listed on its support page. "For those of you interested in these [man-in-the-middle] style attacks, this is the only confirmed case we've seen in several years outside of the 'Configuring/HIMYM' trojan in early 2012 that hit a handful of accounts," a Blizzard support agent wrote. "These sort of outbreaks are annoying, but an Authenticator still protects your account 99% of the time. Stay safe!" |