Wallpaper Engine Could Give You Malware

Steam users are being warned to take extra care when downloading custom wallpapers after researchers discovered malware hidden inside Wallpaper Engine Workshop uploads.

Cybersecurity company Kaspersky says attackers have been disguising malicious software as ordinary animated wallpapers. Some of the infected uploads reportedly received thousands, and in certain cases tens of thousands, of downloads before they were detected.

The malware was built to steal account details and other sensitive information stored on infected computers.

Malware was hidden inside working wallpapers

According to Kaspersky, the campaign has been active since late 2025 and mainly targeted Wallpaper Engine users in China and Russia.

However, victims were also identified in Germany, India, Singapore, Canada, Hong Kong, and Vietnam, suggesting the infected downloads were available to users across several regions.

Steam itself was not hacked. Instead, the attackers abused Wallpaper Engine’s user-generated Workshop system by uploading content that appeared harmless.

Some of the infected wallpapers reportedly worked as advertised, making the threat harder to notice. While the animated background played normally, malicious activity could take place quietly in the background.

Why Wallpaper Engine downloads can be risky

Wallpaper Engine is commonly used to add animated and interactive backgrounds to Windows desktops. Most Workshop uploads are harmless, but certain wallpaper types can include programs or scripts that run on the computer.

That added functionality gives attackers an opportunity to hide malware inside downloads that look legitimate at first glance.

Users should be particularly cautious with uploads from unknown creators, especially when a wallpaper requests additional files, launches an application, or behaves differently from a standard background.

How Steam users can protect their accounts

Kaspersky recommends checking the creator’s profile and reputation before installing any Wallpaper Engine content. Reviews, comments, upload history, and community feedback can also help identify suspicious downloads.

Users should keep their security software enabled and avoid installing wallpapers from creators with little activity or no established history.

Anyone who believes they may have downloaded an infected wallpaper should remove it and run a full system malware scan.

Passwords for important accounts should also be changed, particularly for Steam, email accounts, and any payment services connected to them. Enabling two-factor authentication can provide another layer of protection if login details have already been exposed.