Steam Users at Risk: Malware Campaign Targets Sensitive Data

Cybersecurity researchers have discovered a growing campaign of malware distribution on Steam Wallpaper Engine. Attackers are using this platform to upload and distribute malicious animated wallpapers disguised as legitimate content, often featuring anime-style characters.

The malware, linked to well-known information-stealing families such as Lumma Stealer and Vidar Stealer, can extract sensitive data including Steam account usernames and passwords, login session cookies, saved browser credentials, autofill data, and cryptocurrency wallet information. This campaign is particularly concerning for digital asset users, as stolen credentials can lead to direct financial losses.

The attackers are exploiting the trust in Steam Workshop content, which often involves automatic or low-risk downloads. Users are advised to only download wallpapers from verified creators, avoid newly uploaded items with low reputation history, and regularly review installed Steam Workshop subscriptions.