• Hype
  • Murai
  • Lipstiq
  • Varnam
  • Hangat
  • Autofreaks
Lowyat.NET
  • News
    • Lifestyle
    • Computing
    • Hardware
    • Internet
    • Rumours & Leaks
    • Software
  • Forums
    • Kopitiam
    • Tradezone
    • Property Talk
    • Finance & Business
    • Fast and Furious
  • Gaming
    • PC Gaming
    • Console
    • Mobile Gaming
    • Esports
  • Mobile
    • Apps
    • OS
    • Tablets
    • Phones
    • Telco
      • Celcom
      • DiGi
      • Maxis
      • Tune Talk
      • U Mobile
      • Buzzme
  • Pricelists
    • Compu-zoneUpdated
    • ViewnetUpdated
    • Sri ComputersUpdated
    • StartecUpdated
  • More
    • Automotive Tech
    • Drone
    • Enterprise
    • Entertainment
    • Fashion
    • E-Hailing
    • Wearables
    • Contact Us
No Result
View All Result
Lowyat.NET
  • News
    • Lifestyle
    • Computing
    • Hardware
    • Internet
    • Rumours & Leaks
    • Software
  • Forums
    • Kopitiam
    • Tradezone
    • Property Talk
    • Finance & Business
    • Fast and Furious
  • Gaming
    • PC Gaming
    • Console
    • Mobile Gaming
    • Esports
  • Mobile
    • Apps
    • OS
    • Tablets
    • Phones
    • Telco
      • Celcom
      • DiGi
      • Maxis
      • Tune Talk
      • U Mobile
      • Buzzme
  • Pricelists
    • Compu-zoneUpdated
    • ViewnetUpdated
    • Sri ComputersUpdated
    • StartecUpdated
  • More
    • Automotive Tech
    • Drone
    • Enterprise
    • Entertainment
    • Fashion
    • E-Hailing
    • Wearables
    • Contact Us
No Result
View All Result
Lowyat.NET
No Result
View All Result

Kaspersky: Hackers Use Steam’s Wallpaper Engine To Spread Account-Stealing Malware 

Hackers use the app and Steam Workshop to disguise malware as legitimate content.

by Kiran Ganesan
June 18, 2026
Steam logo stock file photo

Image: Valve

69
SHARES
Share on WhatsappShare on TelegramThreads

While cybersecurity measures have improved over the years, cybercriminals continue to find new ways to distribute malware. Kaspersky recently revealed an ongoing campaign that abuses Steam Workshop and Wallpaper Engine to distribute malicious files, with the aim of stealing Steam accounts and deploying additional malware on victims’ systems.

According to the cybersecurity company, researchers have identified multiple malicious wallpaper packages that have amassed thousands of downloads. Most victims come from China and Russia, although researchers have also noted some cases in Singapore, Hong Kong, Germany, Vietnam, India, and Canada.

Kaspersky: Hackers Use Steam’s Wallpaper Engine
Malicious app wallpaper downloads by region (Image: Securlist)

For those unfamiliar, Steam Workshop is a platform that allows users to share and download community-created content for games and applications on Steam. These content can range from custom maps, mods, in-game items, and wallpapers. Meanwhile, Wallpaper Engine lets users customise their desktop backgrounds using images, videos, webpages, and interactive scenes.

According to Kaspersky, attackers can abuse Wallpaper Engine as a malware delivery vector because it allows executable programmes to run directly on a user’s Windows PC. This allows attackers to disguise malicious software as legitimate content. The cybersecurity company also identified dozens of infected wallpaper packages on Steam Workshop, many of which had accumulated thousands or even tens of thousands of downloads.

Kaspersky: Hackers Use Steam’s Wallpaper Engine
Graph explaining how the malware deploys (Image: Securelist)

The report details two main methods of delivering the malware. In some cases, they bundle executable files, DLLs, and scripts directly into the wallpaper package. In others, they hide the malware inside password-protected archives, with the passwords stored in archive names or configuration files. Once Wallpaper Engine installs and loads the infected wallpaper, it executes the malicious components on the system.

The cybersecurity company shared sample wallpapers discovered in December 2025. It seemed and functioned legitimately on the surface. However, without the user’s knowledge, the wallpaper had already activated the DarkKomet backdoor and installed a modified library designed to harvest Steam account information and hijack active Steam sessions.

Kaspersky: Hackers Use Steam’s Wallpaper Engine
Sample of infected wallpapers and Steam Workshop mods (Image: Securelist)
Kaspersky: Hackers Use Steam’s Wallpaper Engine
Sample of infected wallpapers and Steam Workshop mods (Image: Securelist)
Kaspersky: Hackers Use Steam’s Wallpaper Engine
Sample of infected wallpapers and Steam Workshop mods (Image: Securelist)

Kaspersky also mentioned that the Securelist blog has more detailed information on how these attacks are carried out, as well as examples of infected wallpapers. It is also worth noting that some of the infected items and mods appear to feature adult-themed content. Kaspersky’s reporting does not explain this pattern, but attackers may intend it to increase the likelihood of users clicking on or downloading the content, so users should exercise caution when interacting with such files.

The company believes the attack likely involves multiple independent actors rather than a single group, and the malware spans multiple families. Researchers identified infostealers such as Lumma and Vidar, alongside the RenEngine loader distributed through malicious wallpapers.

The firm recommends exercising caution when downloading apps, even from trusted sources. If users need to download an app, they are advised to verify its reputation and ensure it comes from legitimate developers.

(Source: Kaspersky)

RELATED:  Valve Is Discontinuing Physical Steam Gift Cards
Filed Under kasperskysteam
Updated 2:13 pm, Thu, 18 June 26
SendShareShareShare28Tweet17

Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news. 

No Result
View All Result

TRENDING THIS WEEK

  1. 1
    Computing

    Apple Hikes Prices For Certain Products In Malaysia; Some See An Increase Of Over RM2,000

  2. 2
    Streaming

    Netflix Now Requires Unique Email For Each Profile Under Shared Accounts

  3. 3
    Collectibles

    Tomica Factory Now Part Of KLCC Brand Store Malaysia; First Factory Location Outside Japan

  4. 4
    Transportation

    LRT3 Ditches Tokens For QR Code Tickets, Open Payments Planned For The Future

  5. 5
    News

    Malaysia’s New Passport Officially Launches

NETWORK

  • Hype
  • Murai
  • Lipstiq
  • Varnam
  • Hangat
  • Autofreaks

ABOUT

  • Advertise
  • Careers
  • Privacy Statement
  • Editorial Policy
  • Terms of Use
  • Contact Us

©2026 VIJANDREN RAMADASS. ALL RIGHTS RESERVED.

No Result
View All Result
  • News
  • Forums
  • Laptops
  • Telco
  • Mobile
  • Gaming
  • Fintech
  • Artificial Intelligence
  • Cryptocurrency
  • Cyber Security
  • Hybrid Vehicles
  • Advertise with Us

©2026 VIJANDREN RAMADASS. ALL RIGHTS RESERVED.

No Result
View All Result
  • News
  • Forums
  • Laptops
  • Telco
  • Mobile
  • Gaming
  • Fintech
  • Artificial Intelligence
  • Cryptocurrency
  • Cyber Security
  • Hybrid Vehicles
  • Advertise with Us

©2026 VIJANDREN RAMADASS. ALL RIGHTS RESERVED.