Warning all weebs: Kaspersky says hackers are distributing malware via anime girl wallpapers on Steam Workshop's Wallpaper Engine

Kaspersky researchers have flagged a malware distribution campaign targeting Wallpaper Engine users on Steam Workshop. Hackers are embedding malicious code into anime girl wallpapers, exploiting the popular customization tool's user base of millions.

The attack works by hosting infected wallpaper files in the Steam Workshop marketplace. When users download and apply these seemingly innocent anime wallpapers through Wallpaper Engine, the malware executes in the background. Kaspersky detected the scheme and traced it to threat actors distributing info-stealers and other malicious payloads designed to harvest credentials and sensitive data from infected machines.

Wallpaper Engine, developed by Julien Matthey, has amassed a massive community on Steam Workshop where users share custom wallpapers. The platform's accessibility and Steam's enormous audience made it an attractive vector for distribution. The anime aesthetic specifically targets a dedicated demographic known for heavy engagement with community-created content, making the social engineering angle particularly effective.

The malware campaign demonstrates how legitimate platform features can be weaponized when security oversight remains insufficient. While Kaspersky alerted Valve, the incident highlights the ongoing cat-and-mouse game between malware authors and platform moderators. Valve relies partly on user reports and automated scanning, but sophisticated threats sometimes slip through.

For Wallpaper Engine users, the immediate recommendation is verifying file authenticity before installation and avoiding wallpapers from unknown creators. Many reputable creators maintain established profiles with extensive download histories and positive reviews, making them safer bets than brand-new or suspiciously generic submissions.

This isn't the first time Steam Workshop has hosted malware. Previous campaigns have targeted Counter-Strike 2, Team Fortress 2, and other workshop-enabled titles. The vulnerability stems from the marketplace's scale and the difficulty of manually vetting thousands of daily submissions. Kasper