Blizzard, developer of the popular online video game World of Warcraft, which has more than seven million subscribers worldwide, was forced to alert users about a new threat this week.
Announcing the news in a blog post, the firm detailed how the Trojan poses as Curse, a genuine add-on for the game, and can be downloaded from a fake Curse website. The Trojan steals both player account data and authenticator passwords when installed.
“We've been receiving reports regarding a dangerous Trojan that is being used to compromise players' accounts even if they are using an authenticator for protection,” said the company.
“The Trojan acts in real time to do this by stealing both your account information and Blizzard's authenticator password at the time you enter them.”
The company advises people to solve the problem by deleting the fake Curse Client and running scans with an anti-virus solution. It also recommends changing passwords and downloading software only from official providers.
This latest data breach follows on from the DDoS attack on rival cloud-based games platform Steam earlier in the week, and has led some infosec experts to stress that gaming companies must copy the security tactics of financial institutions in order to maintain user trust.
“In terms of defensive strategies to hinder such attacks going forward, online games companies should consider developing systems similar to financial services to prevent, detect and degrade an aggressor's ability to move any stolen assets around,” Paul Vlissidis, technical director at the NCC Group, told SCMagazineUK.com.
“These strategies could include fraudulent or anomalous transaction detection, and the ability to trace and roll back asset movement between players to disincentivise the movement of stolen items,” he continued, adding that users too must be educated on the risks.
“These two, combined with monitoring of underground exchanges for stolen information and assets, could act as an early warning system that something may be amiss.”
Larry Ponemon, founder and analyst at Ponemon Institute, believes that games may be more susceptible because users trust both the online platform and physical consoles to keep them safe.
“The gamers who submit their credit card details online are really susceptible to social engineering and spear phishing attacks,” he told SCMagazineUK.com.
“These people are very computer literate, are aware of the latest and greatest technologies, and employ the highest level of security for email and Facebook. But there's a high level of trust in the gaming community. They believe it's their private place and they're really not anticipating a cyber attack.”
Users who have been compromised by the Trojan can find support on the World of Warcraft forums.