AI Generated Image
Steam Workshop abused to spread malware via Wallpaper Engine app
BleepingComputer • • technology
Key Points:
- Threat actors are exploiting Steam Workshop's Wallpaper Engine feature to distribute malware hidden in wallpaper packages, risking Steam account hijacking, system backdoors, and cryptomining infections.
- Wallpaper Engine allows executable application wallpapers, which attackers abuse by embedding malicious payloads that execute automatically upon installation.
- Kaspersky researchers identified numerous malicious wallpapers containing various malware families, including DarkKomet backdoors, infostealers like Lumma and Vidar, cryptominers, botnet loaders, and ransomware.
- Although Steam has removed identified threats, Kaspersky warns that new malicious wallpapers may appear and advises users to download content only from trusted sources and use updated antivirus software to scan downloads.
