In the report published on Monday, Kaspersky said attackers used Steam Workshop to distribute malicious Wallpaper Engine downloads disguised as animated desktop wallpapers, many featuring female anime characters.

“The application-based wallpaper feature allows executable programs to run directly on a user's Windows computer, allowing attackers to distribute malicious software under the guise of legitimate content,” Kaspersky said, adding that it had identified dozens of infected wallpaper packages available through Steam Workshop.

Kaspersky also identified wallpaper distributing Lumma and Vidar infostealers, malware families commonly used to steal credentials, browser data, and cryptocurrency wallet information, alongside the RenEngine loader. Researchers said the activity appeared to involve multiple threat actors rather than a single group.



“Many of these packages had thousands or even tens of thousands of downloads,” the firm said.

According to Kaspersky, victims of the malware campaign were primarily in China and Russia, though infections were also seen in Singapore, Hong Kong, Germany, Vietnam, India, and Canada.

The malicious wallpapers either bundled malware directly or hid it inside password-protected archives that unpacked after installation, the company said, noting a 2025 case where a wallpaper appeared to launch a legitimate desktop game while secretly installing the DarkKomet backdoor.

"Trusted platforms can be abused to distribute malware: The attacks rely on users trusting content hosted within legitimate ecosystems,” Kaspersky researcher Maxim Starodubov said in a statement. “While many of the malware families involved are well-known, the delivery mechanism enables attackers to reach large numbers of potential victims through seemingly harmless content."

The findings add to a growing list of Steam-related malware incidents.

In July 2025, researchers with cybersecurity firm Prodaft reported that the Steam Early Access game Chemia had been compromised to distribute Hijack Loader, Fickle Stealer, and Vidar Stealer malware targeting cryptocurrency wallets and user data. In March, the FBI announced an investigation into malware distributed through several Steam games, including Chemia, PirateFi, BlockBlasters, Dashverse, DashFPS, Lampy, Lunara, and Tokenova.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。