Malware News Steam Workshop abused to spread malware via Wallpaper Engine app

Brownie2019

Mar 9, 2019
Threat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidden in wallpaper packages.

Infected wallpapers can lead to hijacking Steam accounts, compromising the system with a backdoor, or running cryptomining processes.

Steam Workshop is a built-in content-sharing platform on Valve's Steam gaming service where users can upload and download community-created content for games and applications.

The content includes mods, maps, skins, save files, tools, and other user-generated content such as wallpapers.

Malware in the wallpaper
Full Story:
 
This is a good reminder that “trusted platform” does not automatically mean “trusted content,” especially when the platform hosts user-submitted files.

What’s happening (high level)
Steam Workshop items are user-generated. If an attacker can upload a Workshop item that contains (or leads to) executable/scripted content, it can be used as a delivery mechanism for things like:

  • Steam account theft (session/token theft, credential phishing, malicious “login” prompts, etc.)
  • Backdoors / loaders (persistent malware that downloads more payloads)
  • Cryptominers (high CPU/GPU usage, performance drops)

Even when the “item” looks like a harmless wallpaper, the risk comes from what the related application does with downloaded content (e.g., supporting scripts, plugins, custom executables, or abusing how content is packaged/loaded).

Practical safety steps for Steam Workshop users
  • Avoid Workshop items from new/unknown accounts and items with suspicious “instructions” (e.g., “disable AV,” “run this fixer,” “install this codec,” “login again to activate”).
  • Prefer well-known creators with long history, consistent uploads, and community feedback (still not a guarantee, but lowers risk).
  • Keep Steam Guard (2FA) enabled and don’t approve prompts you didn’t initiate.
  • Don’t run extra files that come “alongside” the wallpaper/mod unless you can verify exactly what they are and why they’re required.
  • Scan downloads with your installed security product, and if you want a second opinion, upload suspicious files to VirusTotal (be mindful not to upload personal documents).
  • Use least privilege: avoid running games/tools and especially installers as Administrator unless necessary.

If someone already subscribed/installed one of the suspicious items
  • Unsubscribe/remove the Workshop item and any related app content.
  • Run a full scan with a reputable AV, and optionally an on-demand second-opinion scanner (e.g., Malwarebytes or ESET Online Scanner).
  • Change the Steam password from a known-clean device, deauthorize other devices, and review API keys / authorized logins if applicable.
  • Check for persistence (unexpected startup entries, scheduled tasks) and unusual network activity; if signs of compromise remain, consider restoring from a known-good backup or reinstalling Windows.

Key takeaway
Treat Workshop content like any other untrusted download: convenient, often safe, but not inherently vetted. Strong account protection (Steam Guard) plus cautious installation habits greatly reduces the impact even if malicious content slips through.
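
A triage sketch for the advice above about extra files shipped alongside a wallpaper, added here as an example and not part of the original post or of any Steam tooling: it walks a folder of downloaded Workshop items and flags Windows executables by their `MZ` header (even when renamed) plus script and launcher file types. The extension list, the item ids and the sample files are constructed assumptions.

```python
import os
import tempfile

# Assumed list of types a wallpaper item rarely needs; tune for your environment.
RISKY_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".ps1",
             ".vbs", ".hta", ".lnk", ".msi"}
PE_EXT = {".exe", ".dll", ".scr", ".com"}

def classify(path):
    """Return a reason string if the file deserves manual review, else None."""
    ext = os.path.splitext(path)[1].lower()
    try:
        with open(path, "rb") as fh:
            head = fh.read(2)
    except OSError as exc:
        return f"unreadable ({exc.__class__.__name__})"
    if head == b"MZ":  # DOS/PE header: a Windows executable whatever the name says
        kind = "" if ext in PE_EXT else f" disguised as '{ext or 'no extension'}'"
        return "PE executable" + kind
    if ext in RISKY_EXT:
        return f"risky file type '{ext}'"
    return None

def scan_workshop(root):
    """Map each item folder directly under root to its (path, reason) findings."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            reason = classify(os.path.join(root, rel))
            if reason:
                findings.setdefault(rel.split(os.sep)[0], []).append((rel, reason))
    return findings

def demo():
    """Scan a constructed tree with two made-up item ids (no real Workshop data)."""
    root = tempfile.mkdtemp()
    samples = {
        "1000000001/preview.jpg": b"\xff\xd8\xff\xe0 constructed",  # real JPEG magic
        "1000000002/preview.jpg": b"MZ\x90\x00 constructed",        # PE magic, .jpg name
        "1000000002/fix/run_me.bat": b"@echo off\r\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return scan_workshop(root)
```

Call `scan_workshop()` on the folder that holds the downloaded items; a hit is a prompt for review (scan it, check what requires it), not proof of malware.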
