A Trojan hiding as the popular add-on for World of Warcraft has been compromising user accounts, Blizzard revealed today.

According to a post on the World of Warcraft support forum, a fake version of the Curse Client contains the Trojan. The false client was available on a forged version of the Curse’s website, which came high up on major search engines.

The hacked version took account information, passwords and authenticator keys, but otherwise performed normally.

Blizzard has recommended users affected delete the client and run the latest version of Malwarebytes, following the instructions outlined on the support page.

“For those of you interested in these [man-in-the-middle] style attacks, this is the only confirmed case we’ve seen in several years outside of the ‘Configuring/HIMYM’ trojan in early 2012 that hit a handful of accounts,” a Blizzard support agent wrote. “These sort of outbreaks are annoying, but an Authenticator still protects your account 99% of the time. Stay safe!”

Have you been affected? Let us know in the comments.