Activision/Blizzard (well, mostly the Blizzard element of that alliance) is warning of a Trojan Horse in World of Warcraft that can take user account details even if extra security measures are used.Over on the official forum for
WoW Blizzard lays out the details and - later - comes up with what it says is a way not to get done over....
We've been receiving reports regarding a dangerous Trojan that is being used to compromise player's accounts even if they are using an authenticator for protection. The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them. If your account has been compromised recently, I'd recommend looking for the Trojan. It can be identified by creating an MSInfo file and then looking in the Startup Program section of that file for either "Disker" or "Disker64"
So reads the initial warning from the Forum.Fortunately this is followed up with:
-The trojan is built into a fake (but working) version of the Curse Client that is downloaded from a fake version of the Curse Website. This site was popping up in searches for "curse client" on major search engines, which is how people were lured into going there. -At this point, it seems the easiest method to remove the trojan is to delete the fake Curse Client and run scans from an updated Malwarebytes. Should you still have issues, there is a more manual method that Ressie posted earlier in the thread.
Find out more about the cure here.