{"id":3697,"date":"2026-06-16T09:04:02","date_gmt":"2026-06-16T09:04:02","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/"},"modified":"2026-06-16T09:04:02","modified_gmt":"2026-06-16T09:04:02","slug":"dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/","title":{"rendered":"Dozens of malicious wallpapers found on Steam Workshop: gamers\u2019 accounts at risk"},"content":{"rendered":"<div>\n<p><img width=\"990\" height=\"400\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15123933\/Steam_wallpaper-990x400.jpg\" class=\"attachment-securelist-huge-promo size-securelist-huge-promo wp-post-image\" alt=\"\" decoding=\"async\" loading=\"lazy\"><\/p>\n<p>Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform\u2019s built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts. To pull this off, they are exploiting Wallpaper Engine \u2013 a popular live wallpaper app available on Steam \u2013 specifically leveraging its Workshop sharing feature. The malware is hidden inside the wallpaper packages users share with one another. Running one of these compromised wallpapers can lead to a stolen Steam account or leave the victim\u2019s system infected with backdoors or crypto miners.<\/p>\n<h3><strong>What is Wallpaper Engine?<\/strong><\/h3>\n<p>Wallpaper Engine is an app that allows you to put animated wallpapers on your desktop. It\u2019s available for both Windows and Android, though our investigation focused strictly on the Windows version. Thanks to a massive Steam community, the app <a href=\"https:\/\/steamdb.info\/app\/431960\/\" target=\"_blank\" rel=\"noopener\">is quite popular<\/a>, boasting around 100,000 daily active users and nearly a million reviews. It comes with a built-in editor so users can create their own designs, and it supports a few different wallpaper types:<\/p>\n<ul>\n<li>Videos: MP4, WebM, and other common video formats<\/li>\n<li>Scenes: interactive wallpapers built inside the app\u2019s own editor<\/li>\n<li>Web pages: HTML pages powered by JavaScript and CSS, which can also include audio and video elements<\/li>\n<li>Applications: active windows from third-party Windows-compatible software that Wallpaper Engine sets as the user\u2019s desktop background<\/li>\n<\/ul>\n<p>That last type, application wallpapers, is where things get risky, because these are essentially standalone programs. They can be anything from mini-games you play right on your desktop, to planners, calendars, system monitors, or widgets tracking your CPU or GPU usage.<\/p>\n<h2 id=\"application-wallpapers-a-built-in-security-risk\">Application wallpapers: a built-in security risk<\/h2>\n<p>The whole concept of \u201capplication wallpapers\u201d essentially allows foreign code to be run directly on your computer. Cybercriminals took note of this feature and started embedding malware right into these types of wallpapers. Because Wallpaper Engine relies on Steam Workshop for content sharing, anyone can create a wallpaper and publish it for the community to download and install for free. Naturally, this setup is a magnet for bad actors.<\/p>\n<p>We discovered dozens of these malicious application wallpapers floating around Steam Workshop, and each one had already been downloaded thousands \u2013 or even tens of thousands \u2013 of times.<\/p>\n<div class=\"post-gallery-wrapper _post _post-9554\" data-id=\"9554\">\n<div class=\"post-gallery\">\n<div class=\"post-gallery__item\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"562\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture6-1024x562.png\" class=\"attachment-large size-large\" alt=\"\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture6-1024x562.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture6-300x165.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture6-768x422.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture6-638x350.png 638w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture6-740x406.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture6-510x280.png 510w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture6-800x439.png 800w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture6.png 1084w\" sizes=\"(max-width: 1024px) 100vw, 1024px\"><\/div>\n<div class=\"post-gallery__item\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"589\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111859\/Picture1-1024x589.png\" class=\"attachment-large size-large\" alt=\"\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111859\/Picture1-1024x589.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111859\/Picture1-300x172.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111859\/Picture1-768x442.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111859\/Picture1-609x350.png 609w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111859\/Picture1-740x425.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111859\/Picture1-487x280.png 487w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111859\/Picture1-800x460.png 800w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111859\/Picture1.png 1035w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/div>\n<div class=\"post-gallery__item\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"565\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture7-1024x565.png\" class=\"attachment-large size-large\" alt=\"\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture7-1024x565.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture7-300x166.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture7-768x424.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture7-270x150.png 270w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture7-634x350.png 634w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture7-740x408.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture7-508x280.png 508w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture7-800x441.png 800w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111857\/Picture7.png 1035w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/div>\n<div class=\"post-gallery__item\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"566\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111902\/Picture8-1024x566.png\" class=\"attachment-large size-large\" alt=\"\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111902\/Picture8-1024x566.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111902\/Picture8-300x166.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111902\/Picture8-768x424.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111902\/Picture8-270x150.png 270w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111902\/Picture8-633x350.png 633w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111902\/Picture8-740x409.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111902\/Picture8-507x280.png 507w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111902\/Picture8-800x442.png 800w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111902\/Picture8.png 1035w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/div>\n<div class=\"post-gallery__item\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"587\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111903\/Picture10-1024x587.png\" class=\"attachment-large size-large\" alt=\"\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111903\/Picture10-1024x587.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111903\/Picture10-300x172.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111903\/Picture10-768x440.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111903\/Picture10-611x350.png 611w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111903\/Picture10-740x424.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111903\/Picture10-489x280.png 489w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111903\/Picture10-800x458.png 800w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111903\/Picture10.png 1035w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/div>\n<div class=\"post-gallery__item\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"567\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111911\/Picture4-1024x567.png\" class=\"attachment-large size-large\" alt=\"\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111911\/Picture4-1024x567.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111911\/Picture4-300x166.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111911\/Picture4-768x425.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111911\/Picture4-270x150.png 270w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111911\/Picture4-632x350.png 632w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111911\/Picture4-740x410.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111911\/Picture4-506x280.png 506w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111911\/Picture4-800x443.png 800w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111911\/Picture4.png 1075w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/div>\n<div class=\"post-gallery__item\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"562\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111903\/Picture2-1024x562.png\" class=\"attachment-large size-large\" alt=\"\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111903\/Picture2-1024x562.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111903\/Picture2-300x165.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111903\/Picture2-768x422.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111903\/Picture2-637x350.png 637w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111903\/Picture2-740x406.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111903\/Picture2-510x280.png 510w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111903\/Picture2-800x439.png 800w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111903\/Picture2.png 1227w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/div>\n<div class=\"post-gallery__item\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"568\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111914\/Picture3-1024x568.png\" class=\"attachment-large size-large\" alt=\"\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111914\/Picture3-1024x568.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111914\/Picture3-300x166.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111914\/Picture3-768x426.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111914\/Picture3-270x150.png 270w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111914\/Picture3-631x350.png 631w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111914\/Picture3-740x410.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111914\/Picture3-505x280.png 505w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111914\/Picture3-800x444.png 800w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111914\/Picture3.png 1035w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/div>\n<div class=\"post-gallery__item\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"589\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111915\/Picture5-1024x589.png\" class=\"attachment-large size-large\" alt=\"\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111915\/Picture5-1024x589.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111915\/Picture5-300x172.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111915\/Picture5-768x442.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111915\/Picture5-609x350.png 609w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111915\/Picture5-740x425.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111915\/Picture5-487x280.png 487w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111915\/Picture5-800x460.png 800w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111915\/Picture5.png 1035w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/div>\n<div class=\"post-gallery__item\"><img loading=\"lazy\" decoding=\"async\" width=\"973\" height=\"492\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111918\/Picture12.png\" class=\"attachment-large size-large\" alt=\"\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111918\/Picture12.png 973w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111918\/Picture12-300x152.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111918\/Picture12-768x388.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111918\/Picture12-692x350.png 692w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111918\/Picture12-740x374.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111918\/Picture12-554x280.png 554w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111918\/Picture12-800x405.png 800w\" sizes=\"auto, (max-width: 973px) 100vw, 973px\"><\/div>\n<div class=\"post-gallery__item\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"547\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111917\/Picture11.png\" class=\"attachment-large size-large\" alt=\"\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111917\/Picture11.png 975w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111917\/Picture11-300x168.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111917\/Picture11-768x431.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111917\/Picture11-270x150.png 270w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111917\/Picture11-800x449.png 800w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111917\/Picture11-624x350.png 624w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111917\/Picture11-740x415.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111917\/Picture11-499x280.png 499w\" sizes=\"auto, (max-width: 975px) 100vw, 975px\"><\/div>\n<div class=\"post-gallery__item\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"592\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111921\/Picture13-1024x592.png\" class=\"attachment-large size-large\" alt=\"\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111921\/Picture13-1024x592.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111921\/Picture13-300x173.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111921\/Picture13-768x444.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111921\/Picture13-605x350.png 605w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111921\/Picture13-740x428.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111921\/Picture13-484x280.png 484w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111921\/Picture13-800x463.png 800w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111921\/Picture13.png 1029w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/div>\n<div class=\"post-gallery__item\"><img loading=\"lazy\" decoding=\"async\" width=\"981\" height=\"631\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111924\/Picture14.png\" class=\"attachment-large size-large\" alt=\"\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111924\/Picture14.png 981w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111924\/Picture14-300x193.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111924\/Picture14-768x494.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111924\/Picture14-544x350.png 544w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111924\/Picture14-740x476.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111924\/Picture14-435x280.png 435w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111924\/Picture14-800x515.png 800w\" sizes=\"auto, (max-width: 981px) 100vw, 981px\"><\/div>\n<div class=\"post-gallery__item\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"556\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111928\/Picture15-1024x556.png\" class=\"attachment-large size-large\" alt=\"\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111928\/Picture15-1024x556.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111928\/Picture15-300x163.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111928\/Picture15-768x417.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111928\/Picture15-645x350.png 645w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111928\/Picture15-740x402.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111928\/Picture15-516x280.png 516w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111928\/Picture15-800x434.png 800w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111928\/Picture15.png 1035w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/div>\n<div class=\"post-gallery__item\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"572\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111930\/Picture17-1024x572.png\" class=\"attachment-large size-large\" alt=\"Here's what these infected wallpapers look like on Steam Workshop\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111930\/Picture17-1024x572.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111930\/Picture17-300x167.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111930\/Picture17-768x429.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111930\/Picture17-270x150.png 270w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111930\/Picture17-627x350.png 627w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111930\/Picture17-740x413.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111930\/Picture17-502x280.png 502w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111930\/Picture17-800x447.png 800w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111930\/Picture17.png 1039w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/div>\n<div class=\"post-gallery__item\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"596\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111931\/Picture16-1024x596.png\" class=\"attachment-large size-large\" alt=\"\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111931\/Picture16-1024x596.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111931\/Picture16-300x175.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111931\/Picture16-768x447.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111931\/Picture16-601x350.png 601w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111931\/Picture16-740x431.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111931\/Picture16-481x280.png 481w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111931\/Picture16-800x466.png 800w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15111931\/Picture16.png 1072w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><\/div>\n<\/div>\n<\/div>\n<p>When we analyzed them, we caught two different methods the attackers were using to spread their malware:<\/p>\n<ul>\n<li>An archive containing the executable wallpaper alongside the malicious files. This payload usually consisted of compromised EXE files, DLLs, or malicious scripts.<\/li>\n<li>In other cases, attackers threw a curveball by hiding the malware inside a password-protected archive. Either the victim was tricked into typing the password, or a script handled it automatically. The attackers would hide the password in plain sight \u2013 either right in the archive\u2019s name or inside a JSON configuration installed along with other wallpaper files. For all the other variations, the payload triggered automatically when the user selected and applied the wallpaper.<\/li>\n<\/ul>\n<h2 id=\"inside-an-infected-game-wallpaper\">Inside an infected game wallpaper<\/h2>\n<div id=\"attachment_120188\" style=\"width: 1930px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194426\/dozens-of-malicious-wallpapers18.png\" class=\"magnificImage\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-120188\" class=\"size-full wp-image-120188\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194426\/dozens-of-malicious-wallpapers18.png\" alt=\"Main screen of the wallpaper application\" width=\"1920\" height=\"1080\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194426\/dozens-of-malicious-wallpapers18.png 1920w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194426\/dozens-of-malicious-wallpapers18-300x169.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194426\/dozens-of-malicious-wallpapers18-1024x576.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194426\/dozens-of-malicious-wallpapers18-768x432.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194426\/dozens-of-malicious-wallpapers18-1536x864.png 1536w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194426\/dozens-of-malicious-wallpapers18-800x450.png 800w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194426\/dozens-of-malicious-wallpapers18-622x350.png 622w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194426\/dozens-of-malicious-wallpapers18-740x416.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194426\/dozens-of-malicious-wallpapers18-498x280.png 498w\" sizes=\"auto, (max-width: 1920px) 100vw, 1920px\"><\/a><\/p>\n<p id=\"caption-attachment-120188\" class=\"wp-caption-text\">Main screen of the wallpaper application<\/p>\n<\/div>\n<p>On the surface, this wallpaper sample (above) we uncovered in December 2025 looks completely harmless. Once launched, there\u2019s absolutely nothing to trigger your suspicion. The built-in game boots up flawlessly, runs smoothly, and the desktop controls work exactly as they should. But behind the scenes, a full-blown infection is underway. Within just a few minutes, a user might suddenly realize their Steam account has been hijacked, or find their computer crippled by malware, with their files being encrypted by ransomware or their system performance tanking because of a hidden crypto miner.<\/p>\n<div id=\"attachment_120189\" style=\"width: 2060px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194513\/dozens-of-malicious-wallpapers19.png\" class=\"magnificImage\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-120189\" class=\"size-full wp-image-120189\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194513\/dozens-of-malicious-wallpapers19.png\" alt=\"How the malware deploys\" width=\"2050\" height=\"1122\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194513\/dozens-of-malicious-wallpapers19.png 2050w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194513\/dozens-of-malicious-wallpapers19-300x164.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194513\/dozens-of-malicious-wallpapers19-1024x560.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194513\/dozens-of-malicious-wallpapers19-768x420.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194513\/dozens-of-malicious-wallpapers19-1536x841.png 1536w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194513\/dozens-of-malicious-wallpapers19-2048x1121.png 2048w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194513\/dozens-of-malicious-wallpapers19-639x350.png 639w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194513\/dozens-of-malicious-wallpapers19-740x405.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194513\/dozens-of-malicious-wallpapers19-512x280.png 512w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194513\/dozens-of-malicious-wallpapers19-800x438.png 800w\" sizes=\"auto, (max-width: 2050px) 100vw, 2050px\"><\/a><\/p>\n<p id=\"caption-attachment-120189\" class=\"wp-caption-text\">How the malware deploys<\/p>\n<\/div>\n<p>Once the game wallpaper launches, it drops a backdoor file called <code>Synaptics.exe<\/code> (part of the <a href=\"https:\/\/threats.kaspersky.com\/en\/threat\/Backdoor.Win32.DarkKomet\/\" target=\"_blank\" rel=\"noopener\">DarkKomet<\/a> malware family) straight into the victim\u2019s system. At the same time, an executable named <code>._cache_GAME1.exe<\/code> fires up to boot the actual game, NTRaholic.<\/p>\n<p>But that <code>._cache_GAME1.exe<\/code> module is doing double duty. It simultaneously installs a custom version of a system library called AggregatorHost.dll with a payload inside. This modified library has one main objective: track down the Steam app on the computer and hunt for account credentials.<\/p>\n<div id=\"attachment_120190\" style=\"width: 692px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194544\/dozens-of-malicious-wallpapers20.png\" class=\"magnificImage\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-120190\" class=\"size-full wp-image-120190\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194544\/dozens-of-malicious-wallpapers20.png\" alt=\"Looking for the Steam app\" width=\"682\" height=\"510\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194544\/dozens-of-malicious-wallpapers20.png 682w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194544\/dozens-of-malicious-wallpapers20-300x224.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194544\/dozens-of-malicious-wallpapers20-200x150.png 200w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194544\/dozens-of-malicious-wallpapers20-468x350.png 468w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194544\/dozens-of-malicious-wallpapers20-374x280.png 374w\" sizes=\"auto, (max-width: 682px) 100vw, 682px\"><\/a><\/p>\n<p id=\"caption-attachment-120190\" class=\"wp-caption-text\">Looking for the Steam app<\/p>\n<\/div>\n<p>Next, the modified library hijacks the user\u2019s live Steam session.<\/p>\n<div id=\"attachment_120191\" style=\"width: 1573px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194614\/dozens-of-malicious-wallpapers21.png\" class=\"magnificImage\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-120191\" class=\"size-full wp-image-120191\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194614\/dozens-of-malicious-wallpapers21.png\" alt=\"Hijacking the Steam session\" width=\"1563\" height=\"640\" srcset=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194614\/dozens-of-malicious-wallpapers21.png 1563w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194614\/dozens-of-malicious-wallpapers21-300x123.png 300w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194614\/dozens-of-malicious-wallpapers21-1024x419.png 1024w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194614\/dozens-of-malicious-wallpapers21-768x314.png 768w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194614\/dozens-of-malicious-wallpapers21-1536x629.png 1536w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194614\/dozens-of-malicious-wallpapers21-855x350.png 855w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194614\/dozens-of-malicious-wallpapers21-740x303.png 740w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194614\/dozens-of-malicious-wallpapers21-684x280.png 684w, https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194614\/dozens-of-malicious-wallpapers21-800x328.png 800w\" sizes=\"auto, (max-width: 1563px) 100vw, 1563px\"><\/a><\/p>\n<p id=\"caption-attachment-120191\" class=\"wp-caption-text\">Hijacking the Steam session<\/p>\n<\/div>\n<p>After that, the compromised AggregatorHost.dll sends all the collected data to a server controlled by the hackers at <code>hxxp:\/\/120.48.156[.]17\/ey.php.<\/code> Once the attackers have control of that active session, they can use the victim\u2019s account to upload even more malicious wallpapers to Steam Workshop.<\/p>\n<h3><strong>Attribution and victims<\/strong><\/h3>\n<p>The game wallpaper described above is just one flavor of the many variations we uncovered during our research. By weaponizing the application wallpaper feature, bad actors have successfully distributed almost every type of malware under the sun \u2013 from popular infostealers and backdoors to crypto miners and botnet loaders.<\/p>\n<p>Because the range of tools being used is so diverse, we suspect this isn\u2019t the work of a single mastermind. Instead, it looks like multiple scattered, independent hacking groups are all jumping on the same trend. Right now, the primary targets are gamers in China. The wallpaper art styles and titles are tailored specifically to them, and the data backs it up: our security systems caught a staggering 89% of the malicious download attempts happening right there. That said, there\u2019s absolutely nothing stopping these attackers from pivoting and launching a similar campaign in any other part of the world. Russia comes in second place for total downloads at 5.5%, followed by a smattering of other countries and territories: Singapore (1.4%), Hong Kong (0.9%), Germany (0.9%), Vietnam (0.9%), India (0.5%), and Canada (0.5%).<\/p>\n<div class=\"js-infogram-embed\" data-id=\"_\/tVwiMsl9anfO3q4NmH1p\" data-type=\"interactive\" data-title=\"01 EN - \u0414\u0438\u0430\u0433\u0440\u0430\u043c\u043c\u0430 \u0434\u043b\u044f \u0441\u0442\u0430\u0442\u044c\u0438 \u043e Steam\" style=\"min-height:;\"><\/div>\n<p style=\"text-align: center;font-style: italic;font-weight: bold;margin-top: -10px\"><em>Malicious app wallpaper downloads by region (<a href=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/13194744\/dozens-of-malicious-wallpapers22.png\" target=\"_blank\" rel=\"noopener\">download<\/a>)<\/em><\/p>\n<h2 id=\"how-to-stay-safe\">How to stay safe<\/h2>\n<p>Our investigation proves that even trusted platforms like the Steam Workshop aren\u2019t completely safe from malware. In most cases, we caught old, familiar threats such as <a href=\"https:\/\/threats.kaspersky.com\/en\/threat\/Backdoor.Win32.DarkKomet\/\" target=\"_blank\" rel=\"noopener\">DarkKomet<\/a>, the <a href=\"https:\/\/securelist.com\/lumma-fake-captcha-attacks-analysis\/116274\/\" target=\"_blank\" rel=\"noopener\">Lumma<\/a> and <a href=\"https:\/\/securelist.com\/how-to-steal-a-million-of-your-data\/91855\/\" target=\"_blank\" rel=\"noopener\">Vidar<\/a> infostealers, and the <a href=\"https:\/\/securelist.com\/renengine-campaign-with-hijackloader-lumma-and-acr-stealer\/118891\/\" target=\"_blank\" rel=\"noopener\">RenEngine<\/a> downloader. Kaspersky solutions can easily spot and block all of these payloads, no matter how clever the packaging is, thanks to our proactive security layers. Here are some of the specific threat detection verdicts assigned to the objects we discovered during our research:<\/p>\n<ul>\n<li>HEUR:Trojan-PSW.Win32.gen<\/li>\n<li>HEUR:Trojan-PSW.Win32.Python.gen<\/li>\n<li>HEUR:Backdoor.Win32.DarkKomet<\/li>\n<li>Trojan-Dropper.Python.Agent<\/li>\n<li>HEUR:Trojan-Ransom.Win32.Gen.gen<\/li>\n<li>PDM:Trojan.Win32.Generic.<\/li>\n<\/ul>\n<p>By the time this post went live, the Steam team had already scrubbed the identified malicious wallpapers and links from the platform. However, given how frequently new infected wallpapers keep popping up on the Steam Workshop, you shouldn\u2019t rely on Steam to catch everything. It\u2019s highly recommended to run an antivirus scan on these types of wallpapers before you actually apply them.<\/p>\n<h2 id=\"indicators-of-compromise\">Indicators of compromise<\/h2>\n<p><strong>MD5<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/95856f2ce428c728d9781d3296558068\/results?icid=gl_sl_post-opentip_sm-team_6da78accc34c5ef0&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">95856f2ce428c728d9781d3296558068<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/af080780cca2acd1d082ce01e7cc346a\/results?icid=gl_sl_post-opentip_sm-team_46d91d76d92d063c&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">af080780cca2acd1d082ce01e7cc346a<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/c133c3dd9f7d6934598025047df41abf\/results?icid=gl_sl_post-opentip_sm-team_a52687e911994dbe&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">c133c3dd9f7d6934598025047df41abf<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/d1693bbff456ae8fa3360446706df6da\/results?icid=gl_sl_post-opentip_sm-team_e3257586c1eee98d&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">d1693bbff456ae8fa3360446706df6da<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/8c2cc585ad8a13a72a704c0fda0c9854\/results?icid=gl_sl_post-opentip_sm-team_b008fe03cd6daa0a&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">8c2cc585ad8a13a72a704c0fda0c9854<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/b9fa763a53da3eea742d0f3c845a8c09\/results?icid=gl_sl_post-opentip_sm-team_4641556e4beec50c&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">b9fa763a53da3eea742d0f3c845a8c09<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/ded08ae5df7f1b12e5fdb767dbbed0b1\/results?icid=gl_sl_post-opentip_sm-team_7a150706aa119629&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">ded08ae5df7f1b12e5fdb767dbbed0b1<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/20965254e29104986e11939decd39549\/results?icid=gl_sl_post-opentip_sm-team_6c3e4d47a4530299&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">20965254e29104986e11939decd39549<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/18dedc0009f0927cba6425c84cce9883\/results?icid=gl_sl_post-opentip_sm-team_204a2c988ffd73eb&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">18dedc0009f0927cba6425c84cce9883<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/0f4f01c6d495abb37403072dd017ce8d\/results?icid=gl_sl_post-opentip_sm-team_48b037a80adcaac9&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">0f4f01c6d495abb37403072dd017ce8d<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/5620f01284329f561b1839a36be55355\/results?icid=gl_sl_post-opentip_sm-team_21da068a06750063&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">5620f01284329f561b1839a36be55355<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/fe1f6485013cd5e6d5cf718049b0b8d6\/results?icid=gl_sl_post-opentip_sm-team_14d28499acbe9b39&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">fe1f6485013cd5e6d5cf718049b0b8d6<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/74414ed4b63aadec039b603c32762b80\/results?icid=gl_sl_post-opentip_sm-team_ca667d5886d0bd5b&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">74414ed4b63aadec039b603c32762b80<\/a><\/li>\n<\/ul>\n<p><strong>C2 servers<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/http%3A%2F%2F202.144.192.29%2F\/results?icid=gl_sl_post-opentip_sm-team_29aaeaeaaa81d6b0&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">http:\/\/202.144.192[.]29<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/http%3A%2F%2F202.144.192.29%2Faudit.php\/results?icid=gl_sl_post-opentip_sm-team_f0cd348a1da1f1ec&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">http:\/\/202.144.192[.]29\/audit.php<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/http%3A%2F%2F202.144.192.29%2Fdownload2%2Fthemes2.zip\/results?icid=gl_sl_post-opentip_sm-team_9f2ed46eafe93d84&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">http:\/\/202.144.192[.]29\/download2\/Themes2.zip<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/http%3A%2F%2F120.48.156.17%2F\/results?icid=gl_sl_post-opentip_sm-team_54be0cf425b81fc2&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">http:\/\/120.48.156[.]17<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/http%3A%2F%2F120.48.156.17%2Fey.php%3Fka%3Duser1%26id\/results?icid=gl_sl_post-opentip_sm-team_7478242add63e875&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">http:\/\/120.48.156[.]17\/ey.php?ka=user1&amp;id<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/http%3A%2F%2Fbrightly.to%2F\/results?icid=gl_sl_post-opentip_sm-team_b14f9f5490a3222e&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">http:\/\/brightly[.]to<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/http%3A%2F%2Fbrightly.to%2Fdownload2%2Fthemes2.zip\/results?icid=gl_sl_post-opentip_sm-team_5cd195d4581bee7d&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">http:\/\/brightly[.]to\/download2\/Themes2.zip<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/https%3A%2F%2Fwww.dropbox.com%2Fs%2Fzhp1b06imehwylq%2Fsynaptics.rar%3Fdl%3D1\/results?icid=gl_sl_post-opentip_sm-team_6809624df85ed71b&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">https:\/\/www.dropbox[.]com\/s\/zhp1b06imehwylq\/Synaptics.rar?dl=1<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/https%3A%2F%2Fdocs.google.com%2Fuc%3Fid%3D0bxsmxgfpizfsvzuyahfyvkqxefk%26export%3Ddownload\/results?icid=gl_sl_post-opentip_sm-team_8d2523d039d1c0bb&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">https:\/\/docs.google[.]com\/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&amp;export=download<\/a><\/li>\n<\/ul>\n<p><strong>Malicious wallpapers<\/strong><\/p>\n<ul>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/https%3A%2F%2Fsteamcommunity.com%2Fsharedfiles%2Ffiledetails%2F%3Fid%3D3603213159\/results?icid=gl_sl_post-opentip_sm-team_88e29ff36335fdb1&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">https:\/\/steamcommunity[.]com\/sharedfiles\/filedetails\/?id=3603213159<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/https%3A%2F%2Fsteamcommunity.com%2Fsharedfiles%2Ffiledetails%2F%3Fid%3D3591930233\/results?icid=gl_sl_post-opentip_sm-team_5dcb8ee5c8cc56e9&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">https:\/\/steamcommunity[.]com\/sharedfiles\/filedetails\/?id=3591930233<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/https%3A%2F%2Fsteamcommunity.com%2Fsharedfiles%2Ffiledetails%2F%3Fid%3D3584318845\/results?icid=gl_sl_post-opentip_sm-team_153d1e3e74ac7462&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">https:\/\/steamcommunity[.]com\/sharedfiles\/filedetails\/?id=3584318845<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/https%3A%2F%2Fsteamcommunity.com%2Fsharedfiles%2Ffiledetails%2F%3Fid%3D3436875036\/results?icid=gl_sl_post-opentip_sm-team_291153daf9011d2f&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">https:\/\/steamcommunity[.]com\/sharedfiles\/filedetails\/?id=3436875036<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/https%3A%2F%2Fsteamcommunity.com%2Fsharedfiles%2Ffiledetails%2F%3Fid%3D3633494498\/results?icid=gl_sl_post-opentip_sm-team_925a148e180741ac&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">https:\/\/steamcommunity[.]com\/sharedfiles\/filedetails\/?id=3633494498<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/https%3A%2F%2Fsteamcommunity.com%2Fsharedfiles%2Ffiledetails%2F%3Fid%3D3556591375\/results?icid=gl_sl_post-opentip_sm-team_5b16fe20120117e8&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">https:\/\/steamcommunity[.]com\/sharedfiles\/filedetails\/?id=3556591375<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/https%3A%2F%2Fsteamcommunity.com%2Fsharedfiles%2Ffiledetails%2F%3Fid%3D3635875825\/results?icid=gl_sl_post-opentip_sm-team_a256baef5d50f7f7&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">https:\/\/steamcommunity[.]com\/sharedfiles\/filedetails\/?id=3635875825<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/https%3A%2F%2Fsteamcommunity.com%2Fsharedfiles%2Ffiledetails%2F%3Fid%3D3601924072\/results?icid=gl_sl_post-opentip_sm-team_d15aface203aa940&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">https:\/\/steamcommunity[.]com\/sharedfiles\/filedetails\/?id=3601924072<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/https%3A%2F%2Fsteamcommunity.com%2Fsharedfiles%2Ffiledetails%2F%3Fid%3D3605588743\/results?icid=gl_sl_post-opentip_sm-team_171a9a6de4473ad4&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">https:\/\/steamcommunity[.]com\/sharedfiles\/filedetails\/?id=3605588743<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/https%3A%2F%2Fsteamcommunity.com%2Fsharedfiles%2Ffiledetails%2F%3Fid%3D3553253793\/results?icid=gl_sl_post-opentip_sm-team_8b05d9d1b9ef75bf&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">https:\/\/steamcommunity[.]com\/sharedfiles\/filedetails\/?id=3553253793<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/https%3A%2F%2Fsteamcommunity.com%2Fsharedfiles%2Ffiledetails%2F%3Fid%3D3462675635\/results?icid=gl_sl_post-opentip_sm-team_710c246d4aa4285a&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">https:\/\/steamcommunity[.]com\/sharedfiles\/filedetails\/?id=3462675635<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/https%3A%2F%2Fsteamcommunity.com%2Fsharedfiles%2Ffiledetails%2F%3Fid%3D3605621824\/results?icid=gl_sl_post-opentip_sm-team_9c26b588bb45e045&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">https:\/\/steamcommunity[.]com\/sharedfiles\/filedetails\/?id=3605621824<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/https%3A%2F%2Fsteamcommunity.com%2Fsharedfiles%2Ffiledetails%2F%3Fid%3D3610240788\/results?icid=gl_sl_post-opentip_sm-team_56a544b46a126e6c&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">https:\/\/steamcommunity[.]com\/sharedfiles\/filedetails\/?id=3610240788<\/a><\/li>\n<li><a href=\"https:\/\/opentip.kaspersky.com\/https%3A%2F%2Fsteamcommunity.com%2Fsharedfiles%2Ffiledetails%2F%3Fid%3D3610366547\/results?icid=gl_sl_post-opentip_sm-team_a76f3b277e979d16&amp;utm_source=SL&amp;utm_medium=SL&amp;utm_campaign=SL\" target=\"_blank\" rel=\"noopener\">https:\/\/steamcommunity[.]com\/sharedfiles\/filedetails\/?id=3610366547<\/a><\/li>\n<\/ul>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform\u2019s built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts. To pull this off, they are exploiting Wallpaper Engine \u2013 a popular live wallpaper app [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[270,90,636,99,232,233,324,1287,503,257],"tags":[91],"class_list":["post-3697","post","type-post","status-publish","format-standard","hentry","category-backdoor","category-cybersecurity","category-lumma","category-malware","category-malware-descriptions","category-malware-technologies","category-miner","category-steam","category-trojan-stealer","category-windows-malware","tag-cybersecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Dozens of malicious wallpapers found on Steam Workshop: gamers\u2019 accounts at risk - Imperative Business Ventures Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Dozens of malicious wallpapers found on Steam Workshop: gamers\u2019 accounts at risk - Imperative Business Ventures Limited\" \/>\n<meta property=\"og:description\" content=\"Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform\u2019s built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts. To pull this off, they are exploiting Wallpaper Engine \u2013 a popular live wallpaper app [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/\" \/>\n<meta property=\"og:site_name\" content=\"Imperative Business Ventures Limited\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-16T09:04:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15123933\/Steam_wallpaper-990x400.jpg\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"headline\":\"Dozens of malicious wallpapers found on Steam Workshop: gamers\u2019 accounts at risk\",\"datePublished\":\"2026-06-16T09:04:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/\"},\"wordCount\":1335,\"image\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15123933\/Steam_wallpaper-990x400.jpg\",\"keywords\":[\"Cybersecurity\"],\"articleSection\":[\"Backdoor\",\"Cybersecurity\",\"Lumma\",\"Malware\",\"Malware descriptions\",\"Malware Technologies\",\"Miner\",\"Steam\",\"Trojan-stealer\",\"Windows malware\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/\",\"url\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/\",\"name\":\"Dozens of malicious wallpapers found on Steam Workshop: gamers\u2019 accounts at risk - Imperative Business Ventures Limited\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15123933\/Steam_wallpaper-990x400.jpg\",\"datePublished\":\"2026-06-16T09:04:02+00:00\",\"author\":{\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/#primaryimage\",\"url\":\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15123933\/Steam_wallpaper-990x400.jpg\",\"contentUrl\":\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15123933\/Steam_wallpaper-990x400.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.ibvl.in\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Dozens of malicious wallpapers found on Steam Workshop: gamers\u2019 accounts at risk\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.ibvl.in\/#website\",\"url\":\"https:\/\/blog.ibvl.in\/\",\"name\":\"Imperative Business Ventures Limited\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.ibvl.in\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/blog.ibvl.in\"],\"url\":\"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Dozens of malicious wallpapers found on Steam Workshop: gamers\u2019 accounts at risk - Imperative Business Ventures Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/","og_locale":"en_US","og_type":"article","og_title":"Dozens of malicious wallpapers found on Steam Workshop: gamers\u2019 accounts at risk - Imperative Business Ventures Limited","og_description":"Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform\u2019s built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts. To pull this off, they are exploiting Wallpaper Engine \u2013 a popular live wallpaper app [&hellip;]","og_url":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/","og_site_name":"Imperative Business Ventures Limited","article_published_time":"2026-06-16T09:04:02+00:00","og_image":[{"url":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15123933\/Steam_wallpaper-990x400.jpg","type":"","width":"","height":""}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/#article","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/"},"author":{"name":"admin","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"headline":"Dozens of malicious wallpapers found on Steam Workshop: gamers\u2019 accounts at risk","datePublished":"2026-06-16T09:04:02+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/"},"wordCount":1335,"image":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/#primaryimage"},"thumbnailUrl":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15123933\/Steam_wallpaper-990x400.jpg","keywords":["Cybersecurity"],"articleSection":["Backdoor","Cybersecurity","Lumma","Malware","Malware descriptions","Malware Technologies","Miner","Steam","Trojan-stealer","Windows malware"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/","url":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/","name":"Dozens of malicious wallpapers found on Steam Workshop: gamers\u2019 accounts at risk - Imperative Business Ventures Limited","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/#primaryimage"},"image":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/#primaryimage"},"thumbnailUrl":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15123933\/Steam_wallpaper-990x400.jpg","datePublished":"2026-06-16T09:04:02+00:00","author":{"@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"breadcrumb":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/#primaryimage","url":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15123933\/Steam_wallpaper-990x400.jpg","contentUrl":"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/43\/2026\/06\/15123933\/Steam_wallpaper-990x400.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/06\/16\/dozens-of-malicious-wallpapers-found-on-steam-workshop-gamers-accounts-at-risk\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.ibvl.in\/"},{"@type":"ListItem","position":2,"name":"Dozens of malicious wallpapers found on Steam Workshop: gamers\u2019 accounts at risk"}]},{"@type":"WebSite","@id":"https:\/\/blog.ibvl.in\/#website","url":"https:\/\/blog.ibvl.in\/","name":"Imperative Business Ventures Limited","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.ibvl.in\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/blog.ibvl.in"],"url":"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/3697","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/comments?post=3697"}],"version-history":[{"count":0,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/3697\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/media?parent=3697"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/categories?post=3697"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/tags?post=3697"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}