- Malware hidden in Steam Workshop wallpaper downloads is stealing crypto wallet data and installing hidden miners.
- The campaign uses infostealers like Lumma and Vidar to target wallets from MetaMask, Electrum, and Exodus.
- Some packages were downloaded tens of thousands of times before being removed by Steam.
- Security researchers believe multiple individual actors, not a single group, are behind the attacks.
Hackers are exploiting Valve’s popular Steam Workshop platform, using malicious wallpaper downloads to infect computers and steal cryptocurrency, Kaspersky.com/about/press-releases/kaspersky-discovered-a-malware-campaign-targeting-steam-users-through-infected-wallpaper” target=”_blank” rel=”noreferrer noopener”>according to Cybersecurity firm Kaspersky. The operation relies on the Wallpaper Engine app to deliver malware capable of extracting wallet information and secretly mining crypto. Consequently, unsuspecting gamers seeking custom backgrounds are putting their digital assets at serious risk.
The malware packages contained notorious infostealers such as Lumma and Vidar. For instance, the Lumma stealer is Microsoft.com/en-us/security/blog/2025/05/21/lumma-stealer-breaking-down-the-delivery-techniques-and-capabilities-of-a-prolific-infostealer/” target=”_blank” rel=”noreferrer noopener”>specifically capable of targeting browser extensions and local files for wallets like MetaMask and Exodus. Meanwhile, the ReEngine loader, also found in the wallpapers, has a history in pirated games and possesses similar data extraction capabilities.
Some hidden payloads installed crypto miners that often ran undetected. However, a noticeable slowdown in computer performance could be a telltale sign of such illicit activity. The infected wallpaper packages garnered thousands of downloads each, with users in China and Russia being the most affected.
This campaign is likely the work of multiple individual bad actors leveraging the trusted Steam ecosystem. Fortunately, Steam has reportedly removed all the identified malicious content. This incident follows a pattern of malware hiding in seemingly innocuous software, such as a 2023 fan-made Super Mario game that also stole data and mined crypto.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
