In Brief:
- Kaspersky identified malware in Steam Workshop downloads masquerading as Wallpapers.
- The malware stole Steam credentials and deployed payloads like Lumma and Vidar infostealers.
- This discovery adds to the rise of malware incidents targeting gamers and crypto holders.
Malware found in Steam Workshop downloads
Kaspersky reported on Monday that malicious downloads labeled as Wallpaper Engine on Steam Workshop have infiltrated thousands of users’ PCs. Attackers utilized these downloads, often featuring animated female anime characters, to distribute harmful software.
“The application-based wallpaper feature allows executable programs to run directly on a user’s Windows computer,” Kaspersky said. This loophole enabled malware distribution disguised as innocuous desktop wallpapers. Dozens of infected wallpaper packages were discovered on the platform.
The malware identified includes Lumma and Vidar infostealers, known for stealing sensitive data, including cryptocurrency wallet information. Kaspersky researchers noted the apparent involvement of multiple threat actors in this campaign.
“Many of these packages had thousands or even tens of thousands of downloads,” the firm stated. Victims were mainly located in China and Russia, but infections also appeared in Singapore, Hong Kong, Germany, Vietnam, India, and Canada.
The malware was frequently packaged either directly with the wallpapers or concealed in password-protected archives that extracted after installation. One case in 2025 involved a wallpaper that appeared to launch a legitimate game but was secretly installing the DarkKomet backdoor.
“Trusted platforms can be abused to distribute malware,” said Kaspersky researcher Maxim Starodubov. “The delivery mechanism enables attackers to reach large numbers of potential victims through seemingly harmless content.”
This incident compounds a troubling trend of malware incidents linked to Steam. In July 2025, cybersecurity firm Prodaft reported that the game Chemia had been compromised to distribute various malwares targeting user data and cryptocurrency wallets. Earlier in March, the FBI initiated an investigation into malware linked to several Steam games, including Chemia and others.