Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform’s built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts. To pull this off, they are exploiting Wallpaper Engine – a popular live wallpaper app available on Steam – specifically leveraging its Workshop sharing feature. The malware is hidden inside the wallpaper packages users share with one another. Running one of these compromised wallpapers can lead to a stolen Steam account or leave the victim’s system infected with backdoors or crypto miners.
Read more…
Source: Kaspersky
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- REvil Ransomware Code Ripped Off by Rivals
June 23, 2021
They say imitation is the sincerest form of flattery: The LV ransomware, a strain that cropped up just this spring, turns out to be based on what is most likely pirated REvil ransomware code, according to researchers. A malware analysis of LV from Secureworks Counter Threat Unit (CTU) found that its operators (which it calls Gold ...
- How to confuse antimalware neural networks. Adversarial attacks and protection
June 23, 2021
Nowadays, cybersecurity companies implement a variety of methods to discover new, previously unknown malware files. Machine learning (ML) is a powerful and widely used approach for this task. At Kaspersky we have a number of complex ML models based on different file features, including models for static and dynamic detection, for processing sandbox logs and ...
- NukeSped Copies Fileless Code From Bundlore, Leaves It Unused
June 22, 2021
While investigating samples of NukeSped, a remote access trojan (RAT), Trend Micro came across several Bundlore adware samples using the same fileless routine that was spotted in NukeSped. The backdoor has been attributed to the cybercriminal group Lazarus, which has been active since at least 2014. There are multiple variants of NukeSped, which is designed ...
- Ever101 ransomware payment traced to a sensual massage site
June 22, 2021
A ransomware targeting an Israeli company has led researchers to track a portion of a ransom payment to a website promoting sensual massages. The attack was conducted by a more recent ransomware operation known as Ever101 who compromised an Israeli computer farm and proceeded to encrypt its devices. Read more… Source: Bleeping Computer
- Email Bug Allows Message Snooping, Credential Theft
June 22, 2021
Researchers warn hackers can snoop on email messages by exploiting a bug in the underlying technology used by the majority of email servers that run the Internet Message Access Protocol, commonly referred to as IMAP. The bug, first reported in August 2020 and patched Monday, is tied to the email server software Dovecot, used by ...
- North Korean Kimsuky hacking group allegedly behind breach of South Korean nuclear institute
June 21, 2021
A North Korean hacking group with a history of high-profile attacks against South Korea allegedly breached the network of South Korea’s state-run nuclear research institute last month. Representative Ha Tae-keung of the People Power Party, South Korea’s main opposition party, claimed 13 unauthorised IP addresses accessed the internal network of Korea Atomic Energy Research Institute (KAERI) ...

