GoKawiilThreat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidden in wallpaper packages.
Infected wallpapers can lead to hijacking Steam accounts, compromising the system with a backdoor, or running cryptomining processes.
Steam Workshop is a built-in content-sharing platform on Valve's Steam gaming service where users can upload and download community-created content for games and applications.
The content includes mods, maps, skins, save files, tools, and other user-generated content such as wallpapers.
Malware in the wallpaper
In a report today, researchers at cybersecurity company Kaspersky say that the attacks abuse the Wallpaper Engine desktop customization application available on Steam, which has nearly a million reviews.
Wallpaper Engine supports four wallpaper types that render videos, interactive scenes, web pages that can play audio and video, and applications, which are active windows from software that Wallpaper Engine sets as the desktop background.
Application wallpapers are executable Windows applications that can include games, desktop widgets, and system monitoring tools. Kaspersky warns that the feature represents a built-in security risk and has been abused to deliver malware to Steam users.
According to the researchers, attackers took advantage of this security gap since at least late 2025, uploading malicious wallpaper files to the Steam Workshop and tricking users into installing them through Wallpaper Engine.
"We discovered dozens of these malicious application wallpapers floating around Steam Workshop, and each one had already been downloaded thousands – or even tens of thousands – of times," Kaspersky notes.
... continue reading