Dozens of malicious wallpapers found on Steam Workshop


Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform’s built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts. To pull this off, they are exploiting Wallpaper Engine – a popular live wallpaper app available on Steam – specifically leveraging its Workshop sharing feature. The malware is hidden inside the wallpaper packages users share with one another. Running one of these compromised wallpapers can lead to a stolen Steam account or leave the victim’s system infected with backdoors or crypto miners.

Read more…
Source:  Kaspersky


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Microsoft confirms presence of PrintNightmare vulnerable code in all versions of Windows

    July 2, 2021

    Microsoft has assigned CVE-2021-34527 to the print spooler remote code execution vulnerability known as “PrintNightmare” and confirmed that the offending code is lurking in all versions of Windows. The megacorp said it was still investigating whether the vulnerability was exploitable in every version, but domain controllers are indeed affected. Microsoft also confirmed that this nasty was distinct ...

  • CISA: Kaseya VSA Supply-Chain Ransomware Attack

    July 2, 2021

    CISA is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software. CISA encourages organizations to review the Kaseya advisory and immediately follow their guidance to shutdown VSA servers. Source: Cybersecurity and Infrastructure Security Agency KASEYA VSA Important Notice July 2nd, 2021 KASEYA VSA ...

  • Why Healthcare Keeps Falling Prey to Ransomware and Other Cyberattacks

    July 2, 2021

    The healthcare industry is under attack like never before. What started as a surge in criminal activity during the early days of the coronavirus pandemic has now metastasized into a full-blown crisis within the healthcare industry worldwide. The recent disruptive ransomware attacks on Scripps Health in San Diego, Ireland’s national health service and Waikato hospitals in ...

  • TrickBot Spruces Up Its Banking Trojan Module

    July 2, 2021

    The TrickBot trojan is adding man-in-the-browser (MitB) capabilities for stealing online banking credentials that resemble Zeus, the early banking trojan, researchers said — potentially signaling a coming onslaught of fraud attacks. TrickBot is a sophisticated (and common) modular threat known for stealing credentials and delivering a range of follow-on ransomware and other malware. But it started ...

  • Australian Cyber Security Centre Annual Cyber Threat Report 2020-21

    July 1, 2021

    The ACSC Annual Cyber Threat Report 2020–21 has been produced by the Australian Cyber Security Centre, with contributions from the Defence Intelligence Organisation (DIO), Australian Criminal Intelligence Commission (ACIC), Australian Security Intelligence Organisation (ASIO), The Department of Home Affairs and industry partners. The report covers the financial year from 1 July 2020 to 30 June 2021. ...

  • NSA, Partners Release Cybersecurity Advisory on Brute Force Global Cyber Campaign

    July 1, 2021

    FORT MEADE, Md. – The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the UK’s National Cyber Security Centre (NCSC) released a Cybersecurity Advisory today exposing malicious cyber activities by Russian military intelligence against U.S. and global organizations, starting from mid-2019 and likely ongoing. This advisory is ...