A couple years ago Blizzard Entertainment introduced the authenticator as a way to beef up security for World of Warcraft players. It has definitely worked with players using the service suffering from fewer hacks. However, where there is a will there is a way for hackers to bypass anything.
Blizzard, posting on their forums, have revealed that they have discovered a new Trojan virus that is capable of bypassing the authenticators. The virus acts in real time stealing the account and authenticator information as you enter it. This virus is built into a fake but functional version of the Curse Client that is available from a fake Curse website. People unaware of the difference ended up downloading this client by accident when typing “curse client” into Google.
Blizzard suggests that you delete the fake Curse Client and run scans with an updated Malwarebytes to figure out if you have the virus and then delete it. You can do this by following the steps outlined here. The developer has also assured worried fans that the authenticator is rarely compromised.
Always remember to be careful when playing games online whether it be World of Warcraft, Steam, Origin, PSN or Xbox Live. Make your password as tough as possible to crack and never reveal any information to anybody. Legitimate sites will never ask you upfront for any information that could compromise your account.