Security Breach on Steam Workshop
TrendKia has learned of a significant security threat emerging on the Steam gaming platform. According to a report published by Kaspersky this Monday, attackers are utilizing the Steam Workshop to distribute malicious files under the guise of animated desktop wallpapers for the Wallpaper Engine application, many of which feature popular anime characters.
How the Malware Operates
The application allows executable programs to run directly on Windows systems, a feature that Kaspersky notes is being exploited to distribute malware disguised as legitimate content. The firm has identified dozens of compromised wallpaper packages that have been downloaded thousands of times by unsuspecting users.
Targeting Sensitive Data
The identified malware includes families such as Lumma, Vidar, and the RenEngine loader, all designed to harvest browser data, login credentials, and cryptocurrency wallet information. Researchers suggest this activity is likely coordinated by multiple threat actors rather than a single group. One incident documented in 2025 involved a wallpaper that appeared to launch a standard desktop game while silently installing the DarkKomet backdoor in the background.
Global Scope and Expert Warning
While the primary impact of this campaign has been concentrated in China and Russia, victims have also been identified in Singapore, Hong Kong, Germany, Vietnam, India, and Canada. Kaspersky researcher Maxim Starodubov stated that attackers rely on users trusting content hosted on legitimate ecosystems, enabling them to reach a massive audience through seemingly harmless digital assets.
A Growing Pattern of Steam-Based Attacks
These findings contribute to an increasing list of security incidents linked to the Steam platform. In July 2025, analysts at cybersecurity firm Prodaft discovered that the game Chemia was compromised to distribute various loaders and stealers, including Hijack Loader and Vidar Stealer. Furthermore, in March, the FBI launched an investigation into malware distribution via several Steam titles, including Chemia, PirateFi, BlockBlasters, Dashverse, DashFPS, Lampy, Lunara, and Tokenova.
