Steam Workshop malicious wallpaper malware distribution campaign
Campaign
Summary
Hide ▲
Show ▼
A Steam Workshop campaign has used malicious wallpaper uploads to deliver malware to Steam users, creating a broad infection risk across the platform since late 2025. The operation has spread through Wallpaper Engine and has been linked to backdoors, credential theft, cryptominers, and other payloads. Steam has removed identified uploads, but new malicious packages are likely to keep appearing.
Related Happenings
Steam Workshop Wallpaper Engine malware delivery operation
Malware Activity
H score38
First: 16.06.2026 21:27
Last: 16.06.2026 21:27
Sources 1
How related:
Threat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidden in wallpaper packages.
About this happening:
Malicious **Steam Workshop** wallpaper packages are being used to install **backdoors**, steal **Steam credentials**, and launch **cryptomining** on users' systems, expanding a lo...
Steam Workshop Wallpaper Engine malware delivery operation
Malware ActivityHow related: Threat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidden in wallpaper packages.
About this happening: Malicious **Steam Workshop** wallpaper packages are being used to install **backdoors**, steal **Steam credentials**, and launch **cryptomining** on users' systems, expanding a lo...
WordPress malware hides C2 data in Steam Community comments
Malware Activity
H score16
First: 01.06.2026 20:04
Last: 01.06.2026 20:04
Sources 1
About this happening:
A **WordPress malware** operation has been uncovered on **approximately 1,980 websites**, raising the risk of hidden **command-and-control (C2)** traffic and persistent page injec...
WordPress malware hides C2 data in Steam Community comments
Malware ActivityAbout this happening: A **WordPress malware** operation has been uncovered on **approximately 1,980 websites**, raising the risk of hidden **command-and-control (C2)** traffic and persistent page injec...
Timeline
-
16.06.2026 21:27 2 articles · 1h ago
Steam Workshop malicious wallpaper malware distribution campaign
Initial DisclosureSince **late 2025**, attackers have been uploading malicious wallpaper files to **Steam Workshop** and using **Wallpaper Engine** to get users to install them. Early packages already showed automated payload execution and hidden malware delivery.
Show sources
- Steam Workshop abused to spread malware via Wallpaper Engine app — www.bleepingcomputer.com — 16.06.2026 21:27
- Steam Workshop abused to spread malware via Wallpaper Engine app — www.bleepingcomputer.com — 16.06.2026 21:27