Skip to content
Tech News
← Back to articles

Gamers beware: malicious wallpapers on Steam found stealing accounts

2026-06-16 | original
read original more articles
Why This Matters

Malicious wallpapers on Steam's Wallpaper Engine pose a significant threat to gamers by enabling account theft and system infections through embedded malware. This highlights the growing risks associated with user-generated content platforms and the importance of vigilant security practices for consumers and the industry alike.

Key Takeaways

Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform’s built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts. To pull this off, they are exploiting Wallpaper Engine – a popular live wallpaper app available on Steam – specifically leveraging its Workshop sharing feature. The malware is hidden inside the wallpaper packages users share with one another. Running one of these compromised wallpapers can lead to a stolen Steam account or leave the victim’s system infected with backdoors or crypto miners.

What is Wallpaper Engine?

Wallpaper Engine is an app that allows you to put animated wallpapers on your desktop. It’s available for both Windows and Android, though our investigation focused strictly on the Windows version. Thanks to a massive Steam community, the app is quite popular, boasting around 100,000 daily active users and nearly a million reviews. It comes with a built-in editor so users can create their own designs, and it supports a few different wallpaper types:

Videos: MP4, WebM, and other common video formats

Scenes: interactive wallpapers built inside the app’s own editor

Web pages: HTML pages powered by JavaScript and CSS, which can also include audio and video elements

Applications: active windows from third-party Windows-compatible software that Wallpaper Engine sets as the user’s desktop background

That last type, application wallpapers, is where things get risky, because these are essentially standalone programs. They can be anything from mini-games you play right on your desktop, to planners, calendars, system monitors, or widgets tracking your CPU or GPU usage.

Application wallpapers: a built-in security risk

The whole concept of “application wallpapers” essentially allows foreign code to be run directly on your computer. Cybercriminals took note of this feature and started embedding malware right into these types of wallpapers. Because Wallpaper Engine relies on Steam Workshop for content sharing, anyone can create a wallpaper and publish it for the community to download and install for free. Naturally, this setup is a magnet for bad actors.

... continue reading

Explore topics: steam wallpaper engine malware account hijacking workshop
Related:
Around a fifth of Steam Next Fest demos have a generative AI disclosure
New Rokarolla Android malware targets 217 banking, crypto apps
'Lorem Ipsum' Malware Pivots to ClickFix Delivery
Steam Workshop abused to spread malware via Wallpaper Engine app
GhostTree Attack Abused Recursive Windows Junctions to Hide Malware

© 2026 GoKawiil

About | Editorial Policy | Contact