Click Adventure: Difference between revisions

Line 14:

''Click Adventure'', a casual clicker game released on August 6, 2025, reportedly led to account compromises where users received emails about unrecognized Marketplace transactions for inventory items tied to the game. Affected users consistently reported that they did not own or interact with Click Adventure prior to the incidents. Losses varied, with some users reporting drains as low as $13 and others up to $205 from their Steam wallet balances. These transactions occurred without Steam Guard login alerts, suggesting a bypass of standard security protocols.

The scam, uncovered by consumer rights group Sentinels of the Store, involved a sophisticated network of hacked "seller" and "buyer" accounts. The developer, "Folso Dev", had reportedly been stockpiling these compromised accounts for up to nine months prior to the game's release.

The scam, uncovered by consumer rights group [https://steamcommunity.com/groups/Sentinels_of_the_Store Sentinels of the Store], involved a sophisticated network of hacked "seller" and "buyer" accounts. The developer, "Folso Dev", had reportedly been stockpiling these compromised accounts for up to nine months prior to the game's release.

The scheme operated in a two-step process:

Line 28:

The game's low-effort design—a simple clicker uncovering locations and loot—may have served as a vector for malware, extracting session cookies or login data without user awareness. This allowed hackers to maintain persistent access without re-authentication, directly draining wallets for in-game asset buys.

== Developer and publisher analysis ==

==Developer and publisher analysis==

The game was developed and published by "Folso Dev.," a entity with no prior Steam history beyond ''Click Adventure''. The name "Folso Dev." raises suspicions, phonetically resembling "false dev," and no verifiable social media, support contacts, or external presence exists for the developer outside automated Steam crawls. The game's [https://steamdb.info/app/3874190/ SteamDB page] shows it achieved a peak of only 4 concurrent players before removal on or around September 15, 2025, further indicating it was not a legitimate commercial release but potentially a vehicle for scams.

Line 41:

This incident has prompted calls for greater transparency and accountability from Valve regarding the security of its platform and the fairness of its refund policy for users who are victims of fraud and highlights gaps in Steam's game approval process for detecting malicious software. Consumers are left vulnerable to wallet drains from ostensibly legitimate titles.

== Reported impacts and recommendations ==

==Reported impacts and recommendations==

=== Complete list of reported impacts ===

===Complete list of reported impacts===

* Account compromise without login alerts.

*Account compromise without login alerts.

* Unauthorized Marketplace purchases of ''Click Adventure'' inventory items.

*Unauthorized Marketplace purchases of ''Click Adventure'' inventory items.

* Wallet drains ranging from $13 to $205.

*Wallet drains ranging from $13 to $205.

* At least 18-25 confirmed victims worldwide.

*At least 18-25 confirmed victims worldwide.

* No automatic refunds; manual requests denied.

*No automatic refunds; manual requests denied.

=== Recommendations for users ===

===Recommendations for users===

* Monitor purchase history and enable Steam Guard mobile authenticator.

*Monitor purchase history and enable Steam Guard mobile authenticator.

* Avoid adding significant funds to Steam wallets; use direct payment methods.

*Avoid adding significant funds to Steam wallets; use direct payment methods.

* Report suspicious games via Steam discussions and contact support immediately upon detecting unauthorized activity.

*Report suspicious games via Steam discussions and contact support immediately upon detecting unauthorized activity.

* Deauthorize all devices and change passwords if compromise is suspected.

*Deauthorize all devices and change passwords if compromise is suspected.

==References==

@@ Line 14: / Line 14: @@
 ''Click Adventure'', a casual clicker game released on August 6, 2025, reportedly led to account compromises where users received emails about unrecognized Marketplace transactions for inventory items tied to the game. Affected users consistently reported that they did not own or interact with Click Adventure prior to the incidents. Losses varied, with some users reporting drains as low as $13 and others up to $205 from their Steam wallet balances. These transactions occurred without Steam Guard login alerts, suggesting a bypass of standard security protocols.
-The scam, uncovered by consumer rights group Sentinels of the Store, involved a sophisticated network of hacked "seller" and "buyer" accounts. The developer, "Folso Dev", had reportedly been stockpiling these compromised accounts for up to nine months prior to the game's release.
+The scam, uncovered by consumer rights group [https://steamcommunity.com/groups/Sentinels_of_the_Store Sentinels of the Store], involved a sophisticated network of hacked "seller" and "buyer" accounts. The developer, "Folso Dev", had reportedly been stockpiling these compromised accounts for up to nine months prior to the game's release.
 The scheme operated in a two-step process:
@@ Line 28: / Line 28: @@
 The game's low-effort design—a simple clicker uncovering locations and loot—may have served as a vector for malware, extracting session cookies or login data without user awareness. This allowed hackers to maintain persistent access without re-authentication, directly draining wallets for in-game asset buys.
-== Developer and publisher analysis ==
+==Developer and publisher analysis==
 The game was developed and published by "Folso Dev.," a entity with no prior Steam history beyond ''Click Adventure''. The name "Folso Dev." raises suspicions, phonetically resembling "false dev," and no verifiable social media, support contacts, or external presence exists for the developer outside automated Steam crawls. The game's [https://steamdb.info/app/3874190/ SteamDB page] shows it achieved a peak of only 4 concurrent players before removal on or around September 15, 2025, further indicating it was not a legitimate commercial release but potentially a vehicle for scams.
@@ Line 41: / Line 41: @@
 This incident has prompted calls for greater transparency and accountability from Valve regarding the security of its platform and the fairness of its refund policy for users who are victims of fraud and highlights gaps in Steam's game approval process for detecting malicious software. Consumers are left vulnerable to wallet drains from ostensibly legitimate titles.
-== Reported impacts and recommendations ==
+==Reported impacts and recommendations==
-=== Complete list of reported impacts ===
+===Complete list of reported impacts===
-* Account compromise without login alerts.
+*Account compromise without login alerts.
-* Unauthorized Marketplace purchases of ''Click Adventure'' inventory items.
+*Unauthorized Marketplace purchases of ''Click Adventure'' inventory items.
-* Wallet drains ranging from $13 to $205.
+*Wallet drains ranging from $13 to $205.
-* At least 18-25 confirmed victims worldwide.
+*At least 18-25 confirmed victims worldwide.
-* No automatic refunds; manual requests denied.
+*No automatic refunds; manual requests denied.
-=== Recommendations for users ===
+===Recommendations for users===
-* Monitor purchase history and enable Steam Guard mobile authenticator.
+*Monitor purchase history and enable Steam Guard mobile authenticator.
-* Avoid adding significant funds to Steam wallets; use direct payment methods.
+*Avoid adding significant funds to Steam wallets; use direct payment methods.
-* Report suspicious games via Steam discussions and contact support immediately upon detecting unauthorized activity.
+*Report suspicious games via Steam discussions and contact support immediately upon detecting unauthorized activity.
-* Deauthorize all devices and change passwords if compromise is suspected.
+*Deauthorize all devices and change passwords if compromise is suspected.
 ==References==