World of Warcraft players are being advised to be vigilant of a "dangerous Trojan" that could potentially compromise their accounts, even if they are using a Battle.net authenticator to protect themselves.
According to a post on Blizzard's support forum, the reported malware acts in real time by "stealing both your account information and the authenticator password at the time you enter them." Both the mobile and physical Battle.net authenticator are identified as at-risk.
Blizzard support reps said the Trojan can be identified by creating an MSInfo file and then looking in the Startup Program section of that file for either "Disker" or "Disker64." The malware cannot be spotted until after it becomes active and no known security software can see it or remove it, according to support forum agents.
The Trojan appears to be Windows-specific, as Blizzard reps say they have no reports of the malware affecting the Mac version of World of Warcraft.