Malware spreading through Steam Workshop wallpapers targets gamers in China and Russia
By
Maxim Starodubov
Summary
Since late 2025, malware has been spreading through Steam Workshop via Wallpaper Engine's live wallpaper sharing feature. Attackers are targeting gamers in China and Russia, hiding infostealers like DarkKomet, Lumma, and Vidar inside wallpaper packages. Running a compromised wallpaper can lead to stolen Steam accounts.
Key quotes
Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform's built-in service for players to create and share custom content.
The attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts.
The malware is hidden inside the wallpaper packages users share with one another.
Running one of these compromised wallpapers can lead to a stolen Steam account.
In most cases, we caught old, familiar threats such as DarkKomet, the Lumma and Vidar infostealers.