- Kaspersky found Steam Workshop wallpapers weaponized to deliver malware via Wallpaper Engine
- Dozens of malicious “app wallpapers” downloaded tens of thousands of times, spreading backdoors, information stealers, miners and ransomware.
- Valve removed the infected downloads, but users are warned that attackers could easily upload new ones.
Steam Workshop, a community platform built into Steam that allows users to share personalized content, was used to infect players with malware, researchers claimed.
For at least six months, gamers who used the platform to download certain wallpapers were exposed to various malware, Kaspersky recently explained.
This campaign has been ongoing since at least the end of 2025, Kaspersky said – with some sources noting that the majority of victims are in Russia and China.
Dozens of malicious wallpapers
Steam is an extremely popular digital distribution platform for PC games, developed by a company called Valve. It contains Workshop, a community tool where players can share mods, maps, skins, wallpapers, and other add-ons for games and apps.
Among other things, Steam Workshop allows players to use Wallpaper Engine, a desktop customization application that supports much more than just “static” wallpapers. With it, players can display videos, interactive animations and even entire applications as wallpaper.
And therein lies the problem: hackers use app wallpapers as delivery mechanisms for different malware, including backdoors and cryptojackers.
“We discovered dozens of malicious app wallpapers floating around Steam Workshop, and each of them had already been downloaded thousands, if not tens of thousands of times,” Kaspersky said.
Looking further into the weaponized wallpapers, Kaspersky found that the malware is often either bundled in the package or delivered in a password-protected archive. The payload itself is executed automatically the moment the user installs the wallpaper, Kaspersky said. In one example, Kaspersky was served a backdoor, and in another, an information stealer. Lumma and Vidar information stealers, cryptocurrency miners, botnet loaders, RanEngine, and even ransomware strains were all distributed this way.
Kaspersky only disclosed its findings after Steam identified and removed all malicious wallpaper apps. However, users should be careful, as there is nothing stopping threat actors from simply uploading new ones.
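For readers who want to review wallpapers they already have installed, here is an added example (not from Kaspersky or this article) that flags the two delivery patterns described above: executable content bundled in the package and password-protected archives. It assumes each Workshop item is a folder containing a `project.json` whose `type` field is `application` for app wallpapers; the folder to scan is supplied by the user, and the extension list is a constructed sample.

```python
import json
import sys
import zipfile
from pathlib import Path

# Assumptions (not from the article): every Workshop item is a folder with a
# project.json whose "type" field is "application" for app wallpapers.
# The extension list is a constructed sample, not an exhaustive one.
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".msi", ".lnk"}

def zip_is_encrypted(path):
    """True if any entry has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(path) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except (zipfile.BadZipFile, OSError):
        return False

def audit_item(item_dir):
    """Return sorted findings for one wallpaper folder."""
    item_dir, findings = Path(item_dir), set()
    manifest = item_dir / "project.json"
    if manifest.is_file():
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8", errors="replace"))
        except json.JSONDecodeError:
            meta = {}
            findings.add("unreadable project.json")
        if isinstance(meta, dict) and str(meta.get("type", "")).lower() == "application":
            findings.add("application-type wallpaper")
    for f in item_dir.rglob("*"):
        if not f.is_file():
            continue
        rel = f.relative_to(item_dir).as_posix()
        if f.suffix.lower() in EXECUTABLE_EXT:
            findings.add(f"executable content: {rel}")
        elif f.suffix.lower() == ".zip" and zip_is_encrypted(f):
            # Only ZIP is inspected; 7z/RAR need a third-party parser.
            findings.add(f"password-protected archive: {rel}")
    return sorted(findings)

def audit_workshop(root):
    """Map item folder name -> findings, keeping only flagged items."""
    items = sorted(d for d in Path(root).iterdir() if d.is_dir())
    return {d.name: found for d in items if (found := audit_item(d))}

if __name__ == "__main__" and len(sys.argv) > 1:
    for item, found in audit_workshop(sys.argv[1]).items():
        print(item, *found, sep="\n  ")
```

A finding is a prompt for manual review, not a verdict: legitimate app wallpapers also ship executables.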
Via BleepingComputer
