Recent discoveries by cybersecurity firm Kaspersky have unveiled a significant security threat within the Steam Workshop, where malicious software is being disguised as animated wallpapers. These deceptively harmless-looking files aim to steal users’ Steam credentials, hijack active sessions, and plant additional malware on their systems.
How Are Malicious Wallpapers Distributed?
The report highlights that many wallpapers, particularly those featuring anime characters, serve as a front for these hidden threats. Wallpaper Engine, a popular tool for creating desktop animations on Windows, permits executable programs within wallpaper files. This opens a dangerous loophole exploited by attackers to distribute malicious content under the veneer of legitimate software.
Kaspersky revealed that dozens of compromised wallpaper packs have been identified on Steam Workshop, some of which have been downloaded thousands—even tens of thousands—of times.
In some instances, the harmful software is concealed within password-protected archives embedded in the wallpaper files. An example from 2025 showed a wallpaper masquerading as a game launcher but secretly installing the DarkKomet backdoor.
Targeting Digital Wallets and Accounts?
Yes, alongside widespread infostealer malware like Lumma and Vidar, cybercriminals have also utilized the RenEngine loader. These malicious programs aim to extract a variety of sensitive data including usernames, passwords, and cryptocurrency wallet information. Kaspersky’s analysis suggests this is likely the work of multiple threat actors cooperating rather than a single entity.
Records indicate that China and Russia are the most affected regions. However, there are also reports of infections in Singapore, Hong Kong, Germany, Vietnam, India, and Canada.
A Growing Problem on Steam?
Certainly, the persistence of these threats is partly due to users’ trust in recognized platforms. Kaspersky’s Maxim Starodubov emphasizes that attackers exploit this trust by leveraging seemingly innocuous content to deliver malware to a broader audience.
Starodubov emphasized that even trusted platforms can be exploited, noting that attackers leverage the confidence users have in legitimate ecosystems to reach vast numbers of potential victims.
Incidents like these are becoming more frequent. In July 2025, another security firm, Prodaft, pointed out malware dissemination via the game Chemia on Steam. This echoes an earlier FBI investigation into malicious campaigns tied to various games on the platform.
- Users should exercise caution when downloading content, particularly executable files.
- Regularly updating antivirus and security software can mitigate the risks.
- Being suspicious of unexpectedly password-protected downloads is advised.
- Monitoring recent downloads and activities for any unusual behavior is crucial.
In light of these findings, users should stay vigilant and informed about their digital activities, particularly when engaging with content from reputed platforms. The blending of malicious code within popular software underlines the necessity for robust cybersecurity measures and education. Kaspersky’s findings serve as a critical reminder of the ever-evolving nature of cybersecurity threats in the digital landscape.
