Threat actors are abusing Steam Workshop and Wallpaper Engine to hide malware inside malicious wallpaper packages that users download from Valve’s platform. These infected wallpapers have been used to steal Steam credentials, deploy backdoors like DarkKomet, and run other threats including Lumma, Vidar, cryptominers, botnet loaders, RanEngine, and ransomware. #SteamWorkshop #WallpaperEngine #Kaspersky #DarkKomet #Lumma #Vidar #Steam
Keypoints
- Attackers are hiding malware inside wallpaper packages on Steam Workshop.
- Wallpaper Engine’s application wallpapers can execute malicious Windows applications.
- Some infected wallpapers install the DarkKomet backdoor and steal Steam credentials.
- Kaspersky also found Lumma, Vidar, cryptominers, botnet loaders, and RanEngine in these attacks.
- Steam removed the identified malicious wallpapers, but new ones are likely to appear.