Cybercriminals have been distributing malware via Steam for a year, tens of thousands affected

DragonSlayer101

Posts: 983   +14
Staff
WTF?! According to Kaspersky, cybercriminals have been targeting Steam users with a sustained malware campaign since 2025, distributing malicious software disguised as desktop wallpapers. The attack hijacked the accounts of gamers using Steam's live wallpaper application Wallpaper Engine, which ranks among the platform's most popular non-game downloads.

The attack reportedly abused Wallpaper Engine's "Application Wallpaper" executable, which runs as a standalone Windows program and can include community-developed games, planners, calendars, system monitors, and other widgets. However, because the app allows unverified third-party code to run on users' systems, it can be abused by threat actors to target unsuspecting users.

The researchers found that the attackers used two primary methods to distribute malware. The first involved archives containing the executable wallpaper alongside a malicious payload, typically including compromised .exe files, DLLs, or scripts. The malware was also frequently concealed within password-protected archives and executed automatically when the wallpaper was applied.

Once applied, the infected executables stole users' account credentials, hijacked live sessions, and transmitted the stolen data to servers controlled by the attackers. The researchers discovered dozens of malicious application wallpapers on Steam Workshop, some of which were downloaded tens of thousands of times.

To test the attackers' modus operandi, the researchers launched a wallpaper containing a malicious game called NTRaholic, which ran "flawlessly." The gameplay and controls worked as advertised, raising no suspicion at first glance. However, unbeknownst to the user, the wallpaper dropped a backdoor called Synaptics.exe, part of the notorious DarkKomet malware family.

The executable that launched the game was named ._cache_GAME1.exe, but it also installed a system library called AggregatorHost.dll, which contained a malicious payload designed to steal user data and transmit it to the attackers' command-and-control server. Once the attackers gained control of the active session, they used the compromised account to upload additional malicious wallpapers to Steam Workshop.

The campaign primarily targeted gamers in China, who accounted for 89% of the compromised downloads. Users in Germany, Canada, Russia, Singapore, Hong Kong, Vietnam, and India were also affected, though in much smaller numbers. Steam has since removed all of the malicious wallpapers, but Kaspersky is still urging users to run antivirus scans before applying wallpapers that include built-in executables.

Permalink to story:

 
Steam, like any other distribution platform, can be misused to spread malware. I vaguely remember a similar article 6 months to a year ago about a different game, maybe a crypto malware. In any case, I'm a bit surprised we haven't seen more cases/news of malware being distributed via Steam than we have, it seems like a juicy target for malware operators to use.
 
Steam, like any other distribution platform, can be misused to spread malware. I vaguely remember a similar article 6 months to a year ago about a different game, maybe a crypto malware. In any case, I'm a bit surprised we haven't seen more cases/news of malware being distributed via Steam than we have, it seems like a juicy target for malware operators to use.
Well, probably because Valve does do it's due diligence to keep it's platform clean. But that doesn't mean that they're perfect.
 
Well, probably because Valve does do it's due diligence to keep it's platform clean. But that doesn't mean that they're perfect.
Yeah. With the number of games that need admin privileges to install drivers or .NET frameworks or whatever other software-on-the-side it needs to run, it just surprises me that more hasn't slipped through the cracks, seems like it would be a nightmare to screen everything. I suspect with the AI generated games becoming more common we will see more attempts at getting through these security barriers.
 
Wallpaper downloads have been compromising the weakly skilled for over 30 years now. Raise your kids stronger.
 
Big hell no. Not only do apps like this leach memory/cpu from the system they are often targets of malware, as are widgets.
 
I tired the program like 10 years ago or more. My reaction was "meh" and uninstalled it after a day. I don't understand people who load down their systems. I want every FPS I can get with no stuttering, so if it doesn't help with that goal, b-bye...
 
Back