Kaspersky found a malware campaign hiding in plain sight on Steam Workshop — inside Wallpaper Engine downloads. Dozens of infected wallpaper packages, many featuring anime characters, have racked up thousands or even tens of thousands of downloads.
Here’s the thing: Wallpaper Engine lets executable programs run directly on your Windows desktop. Attackers abused that feature to bundle infostealers, backdoors, and session hijackers into what looks like a harmless animated wallpaper.
The malware families involved include Lumma and Vidar — both well-known for stealing browser data, credentials, and cryptocurrency wallet info. Some packages hid the payload inside password-protected archives that unpacked after installation.
Most victims are in China and Russia, but infections showed up in Singapore, Germany, Vietnam, India, Canada, and Hong Kong too.
This isn’t the first time Steam’s been used this way. Last year, the Early Access game Chemia was caught distributing Hijack Loader and Fickle Stealer. The FBI’s been investigating malware in multiple Steam games since March.
Kaspersky researcher Maxim Starodubov put it simply: trusted platforms get abused because users trust content inside legitimate ecosystems. If you’re using Wallpaper Engine, maybe double-check what you’re downloading.
