Blizzard, developer and publisher of World of Warcraft, say that the Trojan will be able to gain account information of players such as passwords even if players use an authenticator for protection.
The Trojan stems from a fake version of the Curse Client, according to finding of the company.
Writing on their forums, they said: “The trojan is built into a fake (but working) version of the Curse Client that is downloaded from a fake version of the Curse Website. This site was popping up in searches for “curse client” on major search engines, which is how people were lured into going there.”
Advising players on how to avoid the Trojan, Blizzard said: “At this point, it seems the easiest method to remove the trojan is to delete the fake Curse Client and run scans from an updated Malwarebytes.”
Players who have had their accounts compromised have been advised to visit Battle.net for help.
Reassuring players, they continued: “For those of you interested in these MitM style attacks, this is the only confirmed case we’ve seen in several years outside of the “Configuring/HIMYM” trojan in early 2012 that hit a handful of accounts. These sort of outbreaks are annoying, but an Authenticator still protects your account 99% of the time.”
As of July 2013, World of Warcraft has over 7 million subscribers.