Dozens of malicious wallpapers found on Steam Workshop


Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform’s built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts. To pull this off, they are exploiting Wallpaper Engine – a popular live wallpaper app available on Steam – specifically leveraging its Workshop sharing feature. The malware is hidden inside the wallpaper packages users share with one another. Running one of these compromised wallpapers can lead to a stolen Steam account or leave the victim’s system infected with backdoors or crypto miners.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Lockbit wins ransomware speed test, encrypts 25,000 files per minute

    March 23, 2022

    Ransomware moves more quickly than most organizations can respond. Though knowing they have a specific limited window should help inform where to put their defenses, according to security data shop Splunk. The vendor’s research team Surge today published research on how long it takes 10 of the big ransomware families including Lockbit, Conti, and REvil to ...

  • Italy’s state railway may have been target of cyber attack

    March 23, 2022

    Italian railway company Ferrovie dello Stato Italiane (FS) said on Wednesday it had temporarily halted some ticket sale services as it feared they had been targeted by a cyber attack. “Since this morning, elements that could be linked to a cryptolocker infection have been detected on the computer network of Trenitalia and RFI,” the company said ...

  • Microsoft confirms it was breached by hacker group

    March 23, 2022

    Microsoft has confirmed it was breached by the hacker group Lapsus$, adding to the cyber gang’s growing list of victims. In a blog post late Tuesday, Microsoft said Lapsus$ had compromised one of its accounts, resulting in “limited access” to company systems but not the data of any Microsoft customers.” Our cybersecurity response teams quickly engaged to ...

  • Corrupted open-source software enters the Russian battlefield

    March 22, 2022

    It started as an innocent protest. Npm, JavaScript’s package manager maintainer RIAEvangelist, Brandon Nozaki Miller, wrote and published an open-code npm source-code package called peacenotwar. It did little except add a protest message against Russia’s invasion of Ukraine. But then, it took a darker turn: It began destroying computers’ file systems. To be exact, Miller added ...

  • Authentication oufit Okta investigating Lapsus$ breach report

    March 22, 2022

    The Lapsus$ extortion crew has turned its attention to identity platform Okta and published screenshots purportedly showing the group gaining access to the company’s internals. The incident follows the group’s claim over the weekend that it had made off with chunks of Microsoft’s code. However, a compromise at Okta could be altogether more serious since the ...

  • Android app with 100,000 downloads contained password-stealing malware, say security researchers

    March 22, 2022

    Google has removed an app with over 1000,000 downloads from its Play Store after security researchers warned that the app was able to harvest the Facebook credentials of smartphone users. Researchers at French mobile security firm Pradeo said the app embeds Android trojan malware known as “Facestealer” because it dupes victims into typing in their Facebook ...