Criminals have been distributing malware via Steam since 2025, tens of thousands affected

Serving tech enthusiasts for over 25 years.

TechSpot means tech analysis and advice you can trust.

WTF?! According to Kaspersky, cybercriminals have been targeting Steam users with a sustained malware campaign since 2025, distributing malicious software disguised as desktop wallpapers. The attack hijacked the accounts of gamers using Steam's live wallpaper application Wallpaper Engine, which ranks among the platform's most popular non-game downloads.

The attack reportedly abused Wallpaper Engine's "Application Wallpaper" executable, which runs as a standalone Windows program and can include community-developed games, planners, calendars, system monitors, and other widgets. However, because the app allows unverified third-party code to run on users' systems, it can be abused by threat actors to target unsuspecting users.

The researchers found that the attackers used two primary methods to distribute malware. The first involved archives containing the executable wallpaper alongside a malicious payload, typically including compromised .exe files, DLLs, or scripts. The malware was also frequently concealed within password-protected archives and executed automatically when the wallpaper was applied.