The following is ripped directly from http://www.mmo-champion.com/
Trojan succesfully hacks Authenticator Protected Accounts
A new virus spawned on the internet a few days ago and seems to be the first trojan capable of hacking a WoW account protected by an Authenticator. It was confirmed by Blizzard a few hours ago.
Quote from: Kropacius (Source)After looking into this, it has been escalated, but it is a Man in the Middle attack.
This is still perpetrated by key loggers, and no method is always 100% secure.
Basically, what the virus does is fairly simple after you’re infected :
•The next time you log in World of Warcraft, the game asks for your Authenticator code.
•The virus intercepts it, send it to another server, and sends a wrong one to Blizzard = You get an error.
•The people behind the virus now have a few seconds/minutes to use the “real” code while it’s valid to change your password / empty your account / guild bank.
How to check if you’re infected
Just search for a file named “emcor.dll” on your computer, it is most likely located in “C:\Users\(Your user name)\AppData\Temp” but I suggest that you check everything just to be sure. If you do find the file, delete it and make sure you update your anti-virus to prevent any further problem.
To be honest, if you found this file your account is probably already compromised.
What does it mean exactly?
•Yes, you can get hacked even if you have an authenticator, the chances are MUCH lower but you’re not invulnerable.
•It definitely isn’t an excuse to not have an authenticator. We’re talking about a single virus here and the authenticator will save your ass 99% of the time.
•Get a decent anti-virus, buy an authenticator, you’ll be safe.