World of Warcraft add-on trojan steals account, authenticator info
A Trojan masquerading as a popular add-on for World of Warcraft was responsible for compromising user accounts even with authenticators, Blizzard revealed today.
According to a post on the MMORPG's support forum, a fake version of the Curse Client contained the trojan. The spoofed client appeared on a forged version of Curse's website, which ranked highly on major search engines for the term "curse client."
The hacked Curse Client transmitted account information, passwords, and even authenticator keys to the attackers as part of the login process, but otherwise functioned normally.
Blizzard recommends that users who believe they may have been compromised delete the client and run the latest version of Malwarebytes, then follow the steps listed on its support page.
"For those of you interested in these [man-in-the-middle] style attacks, this is the only confirmed case we've seen in several years outside of the 'Configuring/HIMYM' trojan in early 2012 that hit a handful of accounts," a Blizzard support agent wrote. "These sort of outbreaks are annoying, but an Authenticator still protects your account 99% of the time. Stay safe!"
World of Warcraft had 7.6 million subscribers as of November 2013, making it the most popular subscription based MMO nine years after its launch. Blizzard's Battle.net service was targeted for denial-of-service attacks this week allegedly intended to disrupt a single Twitch streamer.
As a reminder, the only place you should download the Curse Client is from http://www.curse.com/client/ to ensure it is the real client.
Posted:
Related Forum: PC Gaming Forum
Source: http://www.computerandvideogames.com/443860/world-of-warcraft-add-on-trojan-steals-account-authenticator-info/
Related Articles
Comments
CraigPosted:
Fozy Never played WoW, looked fun. That sucks though if your account has been taken
You have to like that sort of game, otherwise it's not going to be your favorite game.
-SignedPosted:
Luxe-Signed All these hackers on WoW makes me not want to play anymore.
Yeah, I dont play it anymore but hearing that makes me never want to go back
I kind of don't play it anymore anyways. Been busy a lot lately and no time to play. So I canceled my sub.
sotaPosted:
-Signed All these hackers on WoW makes me not want to play anymore.
Yeah, I dont play it anymore but hearing that makes me never want to go back
ScizorPosted:
It's weird seeing things like that happen to Blizzard. However it's not really their fault, it's up to the user if they used the program.
MawderzPosted:
KatsumiRacist That sucks for people who lost their account. Hopefully they get it fixed for them
It really would suck. I would bet that Blizzard is working to fix everything up but if they lost all of their rare items that would be very frustrating indeed
Blizzard doesn't restore lost items sadly.
KatsumiPosted:
Racist That sucks for people who lost their account. Hopefully they get it fixed for them
It really would suck. I would bet that Blizzard is working to fix everything up but if they lost all of their rare items that would be very frustrating indeed
ItalianPosted:
I just got WoW, and got a Curse Client too -.-
I hope I wasn't affected...but I download an older Mac Version and I am pretty sure I was on the real websites, let's hope so until I get home
I hope I wasn't affected...but I download an older Mac Version and I am pretty sure I was on the real websites, let's hope so until I get home
DissPosted:
j8ke not really player WOW for a while, this is another reason why i dont.
You don't have to download add ons to play the game though, so this is a pretty silly reason to not play the game. Plus, you can usually tell when an add on is safe from the number of downloads and reviews.
Latest Downloads
- 01. Jalopy SaveGame (Pumped up LaikaGT)(0)
- 02. Assassin's Creed 3 Save Game (Game completed 8%, until Chapter 4)(0)
- 03. Supermarket Simulator SaveGame (Quick start, 172 day, 65lvl)(0)
- 04. Caribbean Legend: SaveGame (before the start of the Dutch Gambit)(0)
- 05. Caribbean Legend: SaveGame (Passed the Secret Organization Gambit) [v1.0.0](0)
- 06. Jalopy: SaveGame (Pumped up LaikaGT)(0)
- 07. Assassin's Creed 3: Save Game (Game completed 8%, until Chapter 4)(3)
- 08. Supermarket Simulator: SaveGame (Quick start, 172 day, 65lvl)(0)
- 09. GoreBox: SaveGame (Ancient village of the Paleozoic era)(0)
- 10. Need for Speed: Most Wanted (2005) - SaveGame (0% career, 2 BMWs in the garage)(1)
- 11. [EU] CARX DRIFT RACING ONLINE - PROGRESS SAVE 6 SP DUO (CUSA15633)(10)
- 12. Fallout Shelter Modded Save PC(3)
- 13. Remember Me: SaveGame (The Game done 100%)(0)
- 14. The Long Drive: SaveGame (American pickup)(0)
- 15. Goemon's Great Adventure (US / NTSC) - Nintendo 64 Game Save(2)
Latest Tutorials
- 01. The Redress Of Mira 100% Walkthrough | Trophy & Achievement(550)
- 02. Russian Pinocchio Quick Trophy Guide(673)
- 03. Venatrix Quick Trophy & Achievement Guide(669)
- 04. Call of the Sea 100% Platinum Walkthrough(753)
- 05. Wire Lips 100% Platinum Walkthrough(764)
- 06. The Expanse 100% Platinum Walkthrough | Trophy & Achievement(717)
- 07. Doctor Who: The Edge of Reality - PS4 Platinum P/Thru(636)
- 08. Doctor Who:The Lonely Assassins - 100% Guide(564)
- 09. DAYMARE 1998 PS4 - Full game 100% TROPHY WALKTHROUGH(533)
- 10. Stray Platinum Walkthrough | Trophy & Achievement Guide(541)
- 11. Raji: An Ancient Epic | Complete Gameplay Walkthrough(706)
- 12. Corpse Killer: 25th Anniversary Edition - Longplay(721)
- 13. Song of Horror: Complete Edition Gameplay Walkthrough(458)
- 14. Remoteness 100% All Trophies Walkthrough(737)
- 15. Detective Inspector Mysterious Clues Platinum Walkthrough(604)
"World of Warcraft add-on trojan steals account, authenticator info" :: Login/Create an Account :: 58 comments