New Wallpaper Download Scam Drains Wallets, Already Reaches Singapore
A cybersecurity finding has revealed that many anime-themed background images or animated wallpapers for computers circulating on popular platforms actually conceal malicious programmes capable of stealing user account login data and cryptocurrency assets. A recent report from cybersecurity firm Kaspersky identified a number of dangerous wallpaper packages distributed on the Steam Workshop. The content is disguised as legitimate and attractive artwork, but hidden within are data stealers, system backdoors, and other programmes aimed at taking control of devices. The attackers exploit a feature in the Wallpaper Engine service that allows certain programmes to run directly on the Windows operating system. This enables them to insert malicious software into content that appears harmless. Dozens of infected wallpaper packages have been discovered so far, with some having been downloaded thousands or even tens of thousands of times by users. The types of malware being spread include data stealers named Lumma and Vidar, which are often used to record account login information, data stored in internet browsers, and details of cryptocurrency wallets. Additionally, a loader programme called RenEngine was found, which functions to execute malicious code behind the scenes. Researchers suggest this attack is likely carried out by multiple hacker gangs, not just a single party. The distribution methods vary. Some directly include the malicious programme within the installation package, while others hide it inside password-encrypted archives that only open and run automatically after the user completes the installation process. A similar case was also recorded in 2025, where a wallpaper appeared to launch a normal game but secretly installed a backdoor named DarkKomet into the system. The most heavily affected regions are users in China and Russia, although infection cases have also been found in Singapore, Hong Kong, Germany, Vietnam, India, and Canada. “Trusted platforms are often misused to spread malicious programmes. This attack relies on users’ trust in content available within environments considered legitimate,” said Kaspersky researcher Maxim Starodubov. “Although the types of malware used are already quite well-known, the delivery method via seemingly safe content allows attackers to reach many potential victims at once.” This case adds to a growing list of security incidents involving the Steam service. Previously, in July 2025, security firm Prodaft reported that a game called Chemia available on the early access service had been infiltrated to spread the same data-stealing programme. In March of the same year, the FBI also announced an investigation into several other games on the platform suspected of being a means of distributing malicious programmes. Experts remind users to be more cautious even when downloading content from widely recognised sites or services. It is advisable to check reviews and the reputation of content creators, avoid opening additional files of unclear origin, and ensure device security systems are always updated to reduce the risk of data and financial asset theft.