Is Storm Client safe to use?

No, Storm Client is not safe. It contains malicious Allure plugins that steal user credentials, Discord information, and game data. The decompiled code shows explicit credential theft methods.

What data does Storm Client steal?

Storm Client steals RuneScape usernames, passwords, session tokens, Discord user IDs, IP addresses, inventory data, equipment, game location, and all player activities.

What are safe alternatives to Storm Client?

Safe alternatives include RuneLite (open-source, community-verified), Official Jagex Client (guaranteed safe), and HDOS (officially approved with HD graphics).

How do I protect my RuneScape account?

Enable authenticator, use strong unique passwords, only use safe clients like RuneLite, monitor account activity, secure your email, and avoid suspicious links or downloads.

← Back to Security Warning

RuneScape Security Glossary

Complete definitions of security terms, malware concepts, and technical terminology related to Storm Client, RuneLite, and OSRS account protection.

Malware

Security

Technical

Client

Account Data

Network Data

Account System

Software

Game Data

Allure Plugins

Malicious plugins created by Storm Client developer Burak that contain credential-stealing malware. These plugins send user data to alluremetrics.com every 30 seconds.

Malware

Related terms:

Storm Client

Credential Theft

Data Exfiltration

Authenticator

Two-factor authentication system provided by Jagex to add an extra layer of security to RuneScape accounts. Generates time-based codes for login verification.

Security

Related terms:

2FA

Account Security

Jagex Account

Base64 Encoding

Encoding method used by Storm Client malware to obfuscate stolen data before transmission to remote servers, making the malicious activity harder to detect.

Technical

Related terms:

Data Obfuscation

Malware

Network Traffic

Character ID

Unique identifier for your RuneScape character that Storm Client malware steals along with other account credentials for unauthorized access.

Account Data

Related terms:

Username

Password

Session Token

Credential Theft

The malicious practice of stealing usernames, passwords, and other authentication data. Storm Client's Allure plugins perform this automatically.

Malware

Related terms:

Data Theft

Account Compromise

Identity Theft

Data Exfiltration

The unauthorized transfer of data from a computer or network. Storm Client sends stolen data to alluremetrics.com every 30 seconds.

Malware

Related terms:

Data Theft

Network Traffic

Remote Server

Discord Integration

Feature that links RuneScape accounts with Discord. Storm Client malware steals Discord user ID and username for additional data correlation.

Account Data

Related terms:

Social Media

Data Correlation

Privacy Violation

HDOS

High Definition Old School - An official Jagex-approved client that provides enhanced graphics for OSRS. Safe alternative to Storm Client.

Client

Related terms:

Official Client

Jagex Approved

Safe Alternative

IP Address

Internet Protocol address that identifies your device on the internet. Storm Client malware collects this for location tracking and network analysis.

Network Data

Related terms:

Location Tracking

Network Security

Privacy

Jagex Account

Official account system used by Jagex for RuneScape. The legitimate way to access the game, as opposed to compromised credentials from Storm Client.

Account System

Related terms:

Official Account

Account Security

Jagex

Malware

Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems. Storm Client's Allure plugins are classified as malware.

Security

Related terms:

Virus

Trojan

Credential Theft

Obfuscation

Technique used to make code or data difficult to understand. Storm Client uses obfuscated variable names and character arrays to hide malicious intent.

Technical

Related terms:

Code Hiding

Malware

Reverse Engineering

Open Source

Software whose source code is publicly available for inspection. RuneLite is open source, making it more trustworthy than closed-source clients like Storm Client.

Software

Related terms:

Transparency

Community Review

Security

Plugin

Software component that adds specific functionality to a client. While many plugins are legitimate, Storm Client's Allure plugins contain malicious code.

Software

Related terms:

Extension

Add-on

Malware

RuneLite

Popular open-source client for Old School RuneScape. Considered the safest and most trusted third-party client, recommended over Storm Client.

Client

Related terms:

Open Source

Safe Alternative

Community Trusted

Session Token

Temporary authentication credential that allows access to your account without re-entering your password. Storm Client malware steals these tokens.

Account Data

Related terms:

Authentication

Account Access

Security Token

SSL Bypass

Malicious technique used by Storm Client to disable SSL certificate verification, allowing insecure connections to remote servers for data transmission.

Security

Related terms:

Certificate Pinning

Network Security

Encryption

Storm Client

Third-party RuneScape client that contains malicious Allure plugins designed to steal user credentials and account data. Not recommended for use.

Client

Related terms:

Malware

Credential Theft

Security Risk

Third-Party Client

Software created by developers other than Jagex to play RuneScape. While some are safe (like RuneLite), others like Storm Client contain malware.

Client

Related terms:

Unofficial Client

Alternative Client

Security Risk

Two-Factor Authentication (2FA)

Security process that requires two forms of identification to access an account. Essential for protecting RuneScape accounts from unauthorized access.

Security

Related terms:

Authenticator

Account Security

Multi-Factor

World Point

Coordinate system used in RuneScape to track player location. Storm Client malware collects this data along with other game information.

Game Data

Related terms:

Location Data

Coordinates

Player Tracking

Need more information?

For detailed security analysis and protection guides.

Security Warning FAQ