Gamers beware: malicious wallpapers on Steam found stealing accounts
Essential information
- Published
- 16/06/2026 11:50
- Modified
- 16/06/2026 11:18
- Source / Author
- AlienVault
- Confidence
- 100/100
- Report type(s)
- threat-report
- Labels / Tags
- account hijacking credential theft crypto miner darkkomet gaming platform infostealer lumma renengine steam workshop vidar wallpaper engine
- Tags
- 2026-06-16 account hijacking credential-theft crypto-miner darkkomet gaming platform infostealer lumma renengine steam workshop vidar wallpaper engine
- Related entities
- 8 indicators, 8 observables, 20 techniques (mitre), 5 malware, 8 others
Description
Since late 2025, cybercriminals have been exploiting Wallpaper Engine, a popular live wallpaper application on Steam, to distribute malware through Steam Workshop. Attackers target primarily Chinese and Russian gamers by embedding malicious code within application wallpapers shared on the platform. These compromised wallpapers deliver various malware types including infostealers, backdoors, crypto miners, and ransomware. One analyzed sample dropped DarkKomet backdoor while hijacking Steam sessions to steal account credentials. The malware modifies system libraries to locate Steam installations and exfiltrate data to attacker-controlled servers. Compromised accounts are then used to upload additional malicious wallpapers. The diverse malware families suggest multiple independent hacking groups are exploiting this distribution method. Infected wallpapers received thousands of downloads before removal, with 89% of infections occurring in China.