Kaspersky has identified a sophisticated malware campaign exploiting Steam Workshop to target cryptocurrency holders and gamers. Attackers are distributing malicious Wallpaper Engine downloads disguised as animated anime desktop backgrounds. These files contain executable code capable of hijacking active sessions and deploying Lumma and Vidar infostealers.
The malware targets browser data, login credentials, and crypto wallet information. Some packages bundle payloads directly, while others hide malware in password-protected archives that unpack post-installation. Kaspersky researchers confirmed multiple threat actors are involved, with some infected wallpapers accumulating tens of thousands of downloads before detection.
Victims are primarily located in China and Russia, though infections have surfaced in Germany, Canada, Singapore, and India. This campaign highlights vulnerabilities in trusted digital ecosystems where user-generated content bypasses traditional security vetting.
This incident follows a broader trend of gaming platform exploitation. The FBI recently investigated similar malware distribution through Steam Early Access titles. Cybersecurity experts warn that legitimate platforms are increasingly abused to deliver financial malware under the guise of harmless entertainment content.