- Kaspersky found Steam Workshop wallpapers weaponized to deliver malware via Wallpaper Engine
- Dozens of malicious “application wallpapers” downloaded tens of thousands of times, spreading backdoors, infostealers, miners, and ransomware
- Valve removed the infected uploads, but users warned attackers could easily re‑upload new ones
Steam Workshop, a community platform built into Steam that allows users to share custom content, was being used to infect gamers with malware, researchers have claimed.
For at least half a year, gamers that used the platform to download certain wallpapers were being served various malware, Kaspersky recently explained.
This campaign has been running since at least late 2025, Kaspersky said – with some sources noting the majority of the victims are in Russia and China.
Dozens of malicious wallpapers
Steam is a hugely popular digital distribution platform for PC games, developed by a company called Valve. Baked into it is Workshop, a community tool where gamers can share mods, maps, skins, wallpapers, and other add-ons for games and applications.
Among other things, Steam Workshop allows gamers to use Wallpaper Engine, a desktop customization application that supports more than just “static” image wallpapers. With it, gamers can have videos, interactive animations, and even entire applications, displayed as a wallpaper.
And that is where the problem lies – hackers have been using application wallpapers as delivery mechanisms for different malware, including backdoors and cryptojackers.
“We discovered dozens of these malicious application wallpapers floating around Steam Workshop, and each one had already been downloaded thousands – or even tens of thousands – of times,” Kaspersky said.
Looking deeper into the weaponized wallpapers,…
