PC gamers looking to customize their desktops are inadvertently downloading malware that steals their Steam accounts. Cybersecurity firm Kaspersky has uncovered a new threat where hackers are hiding malicious code inside animated backgrounds for the popular app Wallpaper Engine, distributed directly through the Steam Workshop. The compromised packages have already been downloaded tens of thousands of times by unsuspecting users.
The vulnerability stems from how interactive backgrounds function. Wallpaper Engine allows users to run animated or interactive wallpapers, which are often executable Windows applications that run code directly on a user's system. Hackers are exploiting this architecture by bundling malware inside password-protected archives within these wallpaper packages. When a user installs the background, the archive executes automatically, deploying the payload silently in the background.
Trusted platforms can be abused to distribute malware.
- Kaspersky
While the primary targets for this campaign have been Steam users in China and Russia, Kaspersky researchers have identified victims across multiple regions, including Singapore, Hong Kong, Germany, and Canada. The primary goal of the attackers is to hijack Steam accounts, but the malware has also been observed installing additional information-stealing programs on infected machines. It is crucial to note that neither Valve nor the developers of Wallpaper Engine are creating these malicious files; attackers are simply abusing the community-driven nature of the Steam Workshop.
How to Protect Your System from Workshop Malware
Because this threat relies on user interaction and the inherent trust placed in the Steam ecosystem, gamers must take proactive steps to secure their accounts and PCs. Follow these standard security practices to mitigate the risk:
- Avoid Executable Wallpapers: Stick to standard video or image-based backgrounds. Be highly skeptical of interactive wallpapers that require executable permissions.
- Check Community Feedback: Before downloading a package from the Steam Workshop, check the comments and ratings for any warnings from other users about suspicious activity.
- Enable Two-Factor Authentication: Ensure Steam Guard is active on your account to prevent unauthorized logins even if your credentials are compromised.
- Run Security Scans: Keep your antivirus software updated and run regular scans, especially if you frequently download community mods or third-party assets.
The Supply Chain Threat in PC Gaming
This Wallpaper Engine malware campaign highlights a growing and dangerous trend in PC gaming: the exploitation of trusted community hubs. Gamers inherently trust platforms like the Steam Workshop because they are officially hosted by Valve. However, as seen with the recent Minecraft incident - where over 100,000 users were infected by malware hidden in fake clients and mods - attackers are shifting from traditional phishing to supply-chain-style attacks within gaming ecosystems.
The reliance on password-protected archives to bypass automated security scans exposes a critical blind spot in how user-generated content is moderated. Until platforms implement more aggressive sandboxing or stricter code-scanning protocols for executable community files, the burden of security falls entirely on the player. This incident serves as a stark reminder that a vibrant modding community is also a highly lucrative attack vector for cybercriminals.
