Overview
- Kaspersky disclosed on Tuesday that researchers found dozens of Wallpaper Engine application wallpapers on the Steam Workshop that bundled or dropped malware when installed.
- The attack uses Wallpaper Engine’s application wallpaper type because it runs arbitrary Windows executables, allowing hidden code to execute as soon as a user applies a wallpaper.
- Researchers observed multiple malware families delivered this way, including DarkKomet backdoors, Lumma and Vidar infostealers, crypto miners, loaders, and ransomware.
- Valve removed the specific Workshop items Kaspersky flagged after the disclosure, but researchers warn that new malicious uploads can reappear because the feature and the open sharing model let anyone publish executable wallpapers.
- Users should avoid untrusted Workshop executables, scan any downloaded wallpapers with up-to-date antivirus software, and prefer content from verified creators to reduce the risk of account theft and system compromise.
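
To act on the last point, a user or responder can first inventory which subscribed wallpapers are able to run code at all. The following is an added example, not code from Kaspersky, Valve or Wallpaper Engine. It assumes Workshop items are unpacked under `steamapps/workshop/content/431960/<item id>/`, that each item carries a `project.json` manifest with a `type` field, and that Steam is in its default install path.

```python
import json
from pathlib import Path

# Assumptions (not from the article): 431960 is Wallpaper Engine's Steam app ID
# and Steam is installed in its default location. Adjust for other libraries.
DEFAULT_ROOT = Path(r"C:\Program Files (x86)\Steam\steamapps\workshop\content\431960")
RISKY_EXTS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".msi", ".lnk"}

def is_pe(path):
    """True if the file starts with the 'MZ' header used by Windows executables."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False

def audit_item(item_dir):
    """Return a finding for one Workshop item, or None if nothing in it can execute."""
    item_dir = Path(item_dir)
    try:
        text = (item_dir / "project.json").read_text(encoding="utf-8", errors="replace")
        meta = json.loads(text)
    except (OSError, ValueError):
        meta = {}  # missing or malformed manifest: rely on file inspection alone
    if not isinstance(meta, dict):
        meta = {}
    wtype = str(meta.get("type", "unknown")).lower()
    # Flag by extension and by content, so a renamed executable is still caught.
    runnable = sorted(
        p.relative_to(item_dir).as_posix() for p in item_dir.rglob("*")
        if p.is_file() and (p.suffix.lower() in RISKY_EXTS or is_pe(p))
    )
    if wtype != "application" and not runnable:
        return None
    return {"id": item_dir.name, "title": meta.get("title", ""),
            "type": wtype, "files": runnable}

def audit_workshop(root=DEFAULT_ROOT):
    """Audit every item folder under the Workshop content root."""
    root = Path(root)
    if not root.is_dir():
        return []
    return [f for d in sorted(root.iterdir()) if d.is_dir() and (f := audit_item(d))]

if __name__ == "__main__":
    for finding in audit_workshop():
        print(f"{finding['id']}  type={finding['type']}  title={finding['title']!r}")
        for name in finding["files"]:
            print(f"    {name}")
```

A listed item is not necessarily malicious. The output is the short list of wallpapers worth unsubscribing from or submitting to an antivirus scan.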