Reports from multiple outlets say threat actors are abusing Steam Workshop to spread malware using the Wallpaper Engine ecosystem. According to cybersecurity reporting cited by outlets, malicious files are being packaged and uploaded in ways that make them appear to be legitimate wallpaper content. These wallpaper packages are then delivered through Steam Workshop, Valve’s community platform for sharing game-related and other downloadable content.
The Bleeping Computer report states that malware is hidden within wallpaper packages distributed via Steam Workshop. TechRadar similarly warns that Wallpaper Engine content can carry malicious code when downloaded from abused sources. pcgamesn.com adds that Kaspersky has identified this activity and that attackers include malware in Wallpaper Engine packages available on Steam Workshop.
Some reporting also notes that the broader impact includes the potential for account compromise, alongside malware distribution. Across the accounts, the common theme is that users who download wallpaper content through Steam Workshop are exposed if they select or subscribe to maliciously prepared packages, emphasizing the need for caution around third-party uploads.
