World of Warcraft developer Blizzard Entertainment is warning of a new Trojan, disguised as a World of Warcraft add-on manager, which is capable of compromising user accounts even if they're using two-factor authentication (h/t Ars Technica).
"We've been receiving reports regarding a dangerous Trojan that is being used to compromise players' accounts even if they are using an authenticator for protection," a support agent noted in a forum post. "The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them."
In a separate forum post, another support agent added, "The Trojan is built into a fake (but working) version of the Curse Client that is downloaded from a fake version of the Curse Web site. This site was popping up in searches for 'curse client' on major search engines, which is how people were lured into going there."
"These sort of outbreaks are annoying, but an Authenticator still protects your account 99 percent of the time," the support agent added. "Stay safe!"https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
Detailed instructions on removing the malware are available here.