Writing on its forums today, the developer said the trojan stems from a fake version of the Curse Client.
A summary of Blizzard's latest findings is below."The trojan is built into a fake (but working) version of the Curse Client that is downloaded from a fake version of the Curse Website.
The same goes for any Blizzard Balance that players in these regions have stored with us, which will convert over to their local currency.
Updating world of warcraft account
This includes physical addresses, e-mail addresses, phone numbers, and inappropriate photos and/or videos.
[UPDATE] Blizzard has provided a new update regarding the malware.
A list of any add-ons you recently installed along with where you got them.
A list of any programs you recently installed along with where you got them.
if i do try and log in with my email, even a wrong password sends me to the "downloading update" screen. Using email address will airways lead to the client updating itself. Try it again with username and make sure you don't try the email at all. Take a screenshot of it and post it so we can check it's correct. We take these seriously and will alert the proper authorities.
Posts containing personal information about other players. but i've since changed it to the one on the sidebar of the subreddit, and i'm getting the exact same issue. it's been a while since i've been on, so i don't recall which i used, but the client has the email saved.either way, i tried logging in with my username instead, and it just gives me the typical "unable to connect" prompt.This site was popping up in searches for "curse client" on major search engines, which is how people were lured into going there.At this point, it seems the easiest method to remove the trojan is to delete the fake Curse Client and run scans from an updated Malwarebytes. i'm trying to log in, yet when i do, i'm sent to a screen that says "downloading update: 0%" and just a cancel button.