Briefly
- Kaspersky discovered malicious Wallpaper Engine downloads on Steam Workshop with 1000’s of installs.
- The malware stole Steam credentials, hijacked energetic periods, and deployed extra payloads, together with Lumma and Vidar infostealers.
- The invention follows a sequence of Steam-related malware incidents which have focused players and crypto holders.
Within the report revealed on Monday, Kaspersky mentioned attackers used Steam Workshop to distribute malicious Wallpaper Engine downloads disguised as animated desktop wallpapers, many that includes feminine anime characters.
“The applying-based wallpaper function permits executable applications to run immediately on a person’s Home windows pc, permitting attackers to distribute malicious software program below the guise of professional content material,” Kaspersky mentioned, including that it had recognized dozens of contaminated wallpaper packages out there by means of Steam Workshop.
Kaspersky additionally recognized wallpaper distributing Lumma and Vidar infostealers, malware households generally used to steal credentials, browser knowledge, and cryptocurrency pockets info, alongside the RenEngine loader. Researchers mentioned the exercise appeared to contain a number of menace actors relatively than a single group.
“Many of those packages had 1000’s and even tens of 1000’s of downloads,” the agency mentioned.
In keeping with Kaspersky, victims of the malware marketing campaign had been primarily in China and Russia, although infections had been additionally seen in Singapore, Hong Kong, Germany, Vietnam, India, and Canada.
The malicious wallpapers both bundled malware immediately or hid it inside password-protected archives that unpacked after set up, the corporate mentioned, noting a 2025 case the place a wallpaper appeared to launch a professional desktop sport whereas secretly putting in the DarkKomet backdoor.
“Trusted platforms will be abused to distribute malware: The assaults depend on customers trusting content material hosted inside professional ecosystems,” Kaspersky researcher Maxim Starodubov mentioned in a press release. “Whereas most of the malware households concerned are well-known, the supply mechanism permits attackers to succeed in massive numbers of potential victims by means of seemingly innocent content material.”
The findings add to a rising record of Steam-related malware incidents.
In July 2025, researchers with cybersecurity agency Prodaft reported that the Steam Early Entry sport Chemia had been compromised to distribute Hijack Loader, Fickle Stealer, and Vidar Stealer malware concentrating on cryptocurrency wallets and person knowledge. In March, the FBI introduced an investigation into malware distributed by means of a number of Steam video games, together with Chemia, PirateFi, BlockBlasters, Dashverse, DashFPS, Lampy, Lunara, and Tokenova.
Each day Debrief Publication
Begin day-after-day with the highest information tales proper now, plus unique options, a podcast, movies and extra.