World of Warcraft players have been hit with a malicious trojan that hijacks accounts even when they're protected by two-factor authentication, officials have warned.
The malware is infecting systems by posing as an installer of Curse, a legitimate add-on that helps players manage other World of Warcraft add-ons. On Friday, officials with WoW developer Blizzard warned that trojanized versions of Curse available on unofficial sites were posing as the authorized Curse client. Once installed on end-user computers, the imposter versions were being used to take over accounts. In some cases, users reported that their accounts were hijacked even after the passwords were changed and even when the accounts were protected by Authenticator, a two-factor authentication system that sends a temporary password to players' smartphones.
"We've been receiving reports regarding a dangerous trojan that is being used to compromise players' accounts even if they are using an authenticator for protection," Blizzard officials wrote on Friday. "The trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them."