World of Warcraft accounts being hijacked, Blizzard warns against trojan

World of Warcraft

By on January 6, 2014 at 3:20 pm

Blizzard have issued a warning against a trojan being bundled with a fake Curse Client, which acts in real-time to steal your World of Warcraft password and even your authenticator details.

“The trojan is built into a fake (but working) version of the Curse Client that is downloaded from a fake version of the Curse Website,” said the company on their forums. “This site was popping up in searches for ‘curse client’ on major search engines, which is how people were lured into going there.”

“At this point, it seems the easiest method to remove the trojan is to delete the fake Curse Client and run scans from an updated Malwarebytes. Should you still have issues, there is a more manual method posted earlier in the thread. Most security programs should be able to identify this threat shortly.”

Source: Battle.net (thanks, Dylan)

4 comments (Leave your own)

I wonder if the authenticator protocols are going to be updated as well. It’s easy enough to do for the authenticator apps but the physical authenticators will most likely need to be replaced if the protocols are updated.

 

I’m amazed that people actually use a search engine instead of just typing in the web address, which is simple enough, and it’s easy enough to check your website address before downloading anything, but i do understand how people can get caught out when your not really paying any attention.

But, while people may lose there account, it is easy enough to get it back once the trojan and the fake curse client has been removed. I remember not logging on for a while and have had characters switch from realms to realms and stripped of my gold and i had no idea until another player messaged me on Steam. Now, i check everything before clicking on anything.

 

crona:
I’m amazed that people actually use a search engine instead of just typing in the web address, which is simple enough, and it’s easy enough to check your website address before downloading anything, but i do understand how people can get caught out when your not really paying any attention.

But, while people may lose there account, it is easy enough to get it back once the trojan and the fake curse client has been removed. I remember not logging on for a while and have had characters switch from realms to realms and stripped of my gold and i had no idea until another player messaged me on Steam. Now, i check everything before clicking on anything.

Well Search engines would be used if they mistype the address anyway which is likely unless they use the page often. If it had a very similar webpage to get it from I am not surprised it was easily installed by mistake. The trojan would be useless with an authentication code though as it changes every minute.

 

InAUGral: The trojan would be useless with an authentication code though as it changes every minute.

I presume it would just act similar to a man-in-the-middle attack. You type in your credentials and authenticator code into the WoW client but the trojan causes these details to be sent elsewhere (and sent to Blizzard as well so you think nothing is wrong until they log in shortly after which would knock your connection off).

It would rely on someone being available to use the credentials as they are being received though but definitely possible.

 
Leave a comment

You can use the following bbCode
[i], [b], [img], [quote], [url href="http://www.google.com/"]Google[/url]

Leave a Reply

PC Gaming Calendar 2014

Follow Games.on.net

YouTube

Steam Group

Upcoming Games

Community Soapbox

Recent Features
The Elder Scrolls Online

Pay Once, Play Forever: As TESO falls, so does the subscription

The Elder Scrolls Online's move to ditch subscriptions shows that even the might of Zenimax can't make a dead funding model work anymore.

the_witcher_3_wild_hunt_preview_1

The Witcher 3: Wild Hunt is everything I hoped for

Is it too early to declare RPG of the Year?

Warlords of Draenor Competition

Warlords of Draenor competition: The winners!

Can the real time travellers please stand up (please stand up).

goty2014_featured_the_results

Game of the Year 2014: Your choices, your winners

What was your Best Game of the Year? And who won the PS4? All the details below...

Streaming Radio
Radio Streams are restricted to iiNet group customers.

GreenManGaming MREC

Facebook Like Box