World of Warcraft users hit by account-hijacking malware attack

World of Warcraft players have been hit with a malicious trojan that hijacks accounts even when they’re protected by two-factor authentication, officials have warned.

The malware is infecting systems by posing as an installer of Curse, a legitimate add-on that helps players manage other World of Warcraft add-ons. On Friday, officials with WoW developer Blizzard warned that trojanized versions of Curse available on unofficial sites were posing as the authorized Curse client. Once installed on end-user computers, the imposter versions were being used to take over accounts. In some cases, users reported that their accounts were hijacked even after the passwords were changed and even when the accounts were protected by Authenticator, a two-factor authentication system that sends a temporary password to players’ smartphones.

“We’ve been receiving reports regarding a dangerous trojan that is being used to compromise players’ accounts even if they are using an authenticator for protection,” Blizzard officials wrote on Friday. “The trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them.”

Read 3 remaining paragraphs | Comments

via Ars Technica http://feeds.arstechnica.com/~r/arstechnica/index/~3/FONuwd9Hxa8/

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s