Hackers hijack Steam Wallpaper Engine to steal crypto wallets

Kaspersky traces thousands of malicious Steam Workshop downloads posing as animated wallpapers — the payload is Lumma and Vidar infostealers that drain browser data, logins and wallet seed phrases.

Attackers are abusing Steam Workshop through Wallpaper Engine, one of Steam's most popular live-wallpaper apps, to distribute malicious downloads disguised as animated wallpapers. Many of the fake listings use anime-style female characters as cover art, with several reaching thousands or tens of thousands of installs before takedown.

Why it matters

Kaspersky researchers said the malicious wallpapers can steal Steam credentials, hijack active account sessions, and drop infostealers including Lumma and Vidar. Those payloads are built to scrape browser data, harvest login credentials and exfiltrate crypto wallet information — including seed phrases and browser-extension wallet contents. The vector matters because Steam Workshop is treated by most users as a trusted surface inside a closed client, which raises the success rate well above a typical phishing page.

Market impact

For crypto users the practical risk is direct wallet drain rather than token-price movement — but any campaign that scales to tens of thousands of installs inside Steam's install base widens the surface for seed-phrase theft across the retail crypto audience. Wallpaper Engine has already begun removing the offending items; users should treat any newly installed animated wallpaper as untrusted until its workshop page and uploader are verified.

Source: [Anime Girls Could Steal Your Crypto as Wallpaper Malware Targets Steam Gamers — Decrypt](https://decrypt.co/371632/anime-girls-steal-crypto-wallpaper-malware-targets-steam-gamers)

Frequently asked questions

  1. What is Wallpaper Engine and how is it being abused?

    Wallpaper Engine is a popular Steam app that lets users install animated wallpapers from the Steam Workshop. Attackers are uploading malicious files disguised as animated wallpapers — many with anime-style cover art — that install infostealers on the victim's machine once executed.

  2. Which malware families are being delivered?

    Kaspersky identified Lumma and Vidar infostealers as the primary payloads. They are designed to scrape browser data, harvest login credentials, and steal crypto wallet information including seed phrases and browser-extension wallet contents.

  3. How many users have been affected so far?

    Several malicious wallpaper listings reached thousands or tens of thousands of installs on Steam Workshop before being taken down. The exact combined victim count is not disclosed, but the scale is well beyond a typical malware campaign.

  4. Can the malware steal crypto even without a browser wallet extension?

    Yes. Lumma and Vidar are general-purpose infostealers that target browser-stored credentials, local wallet files, and seed phrases saved on disk. Users running full-node wallets or hardware-wallet software on the same machine can also be exposed if seed phrases are stored locally.

  5. What should Steam users do right now?

    Wallpaper Engine has begun removing the offending items. Users should verify the uploader and workshop page of any animated wallpaper they recently installed, run a full antivirus scan, and rotate passwords and seed phrases for any crypto wallets accessed from the affected machine.

Source attribution
Aggregated from WuBlockchain