World of Warcraft has recently been the target of a malware attack which has the chance of infiltrating accounts and stealing user data.
Blizzard support recently identified the malware as originating from a fake copy of the Curse Client, which is an application that you can have as an add-on and is supposed to help with management. Blizzard stated that the malware operates by “stealing both your account information and the authenticator password at the time you enter them.”
As far as dealing with the issue, Blizzard Support has said that “at this point, it seems the easiest method to remove the trojan is to delete the fake Curse Client and run scans from an updated Malwarebytes. Should you still have issues, there is a more manual method that Ressie posted earlier in the thread.”
If you have been affected by the malware attack, Blizzard has set up a help page  dedicated to solving the problem.