World of Warcraft players warned of Trojan malware attack

World of Warcraft's 7.6 million subscribers have been warned their player accounts may have been compromised by a Trojan malware attack.

Blizzard, the studio behind the world's most popular massively multiplayer online (MMO) role-playing game, warned users that their personal information might have been stolen via a post on the official World of Warcraft forums.

"We've been receiving reports regarding a dangerous Trojan that is being used to compromise player's accounts even if they are using an authenticator for protection. The Trojan acts in real time to do this by stealing both your account information and the authenticator password at the time you enter them," read a support post by a Blizzard moderator.

"We are currently looking for more information on the Trojan. We have not been able to locate any anti-virus programs that will remove it besides just reformatting your system."

World of Warcraft players logging-in using the third-party Curse client, especially those new to it, have been warned that they could be handing their details to cyber criminals by logging into a fake version of the software loaded with malware.

"The Trojan is built into a fake (but working) version of the Curse client that is downloaded from a fake version of the Curse website. This site was popping up in searches for "curse client" on major search engines, which is how people were lured into going there," said a later post by Blizzard support.

"At this point, it seems the easiest method to remove the Trojan is to delete the fake Curse Client and run scans from an updated Malwarebytes [free anti-malware program]," it suggested.