A Keylogger disguised as a World of Warcraft add-on is stealing account info and goods, and it by passes Blizzards Warcraft Athenticator
A file named emcor.dll which can be found in C:/Documents and Settings/Users/username/Application Data/Temp. Once the user launches the “add-on”, the PC is infected and causes World of Warcraft to crash. Once the user attempts to re-start World of Warcraft and log back into the account, the authenticator code is intercepted by the hacker and different code is sent to Blizzard’s servers, causing the account to be locked out.
A sponsored link in Google showing up as a top result for WowMatrix, a free World of Warcraft add-on installer and updater. The site instead is a launch platform where every mod is filled with malware.