Hidden Dangers: How Malicious Anime Wallpapers & Steam Workshop Files Steal Your Data

Kaspersky and other security researchers identified malware distributed through anime-themed wallpapers on the Steam Workshop as of June 21, 2026. The malicious content targets Wallpaper Engine users to steal personal data and hijack Steam accounts, according to reports from detikInet and Coinfomania.

The attack leverages the Steam Workshop, a hub for user-generated content, to distribute payloads. Attackers upload wallpapers featuring anime characters to attract a specific demographic of users. When a user downloads and applies these wallpapers via the Wallpaper Engine software, the malware executes on the system, according to Kompas.com.

How are anime wallpapers stealing Steam accounts?

The malware operates by disguising itself as a legitimate visual asset within the Steam ecosystem. Once the infected wallpaper is active, it initiates a process to hijack the user’s Steam account. Kompas.com reports that this allows attackers to gain unauthorized access to the victim’s library and personal account details.

Tandaseru.id notes that the desktop wallpaper serves as a covert delivery tool. By embedding the malicious code within the wallpaper files, hackers can bypass the suspicion of users who believe they are only downloading a decorative background.

What specific threats did Kaspersky identify?

Kaspersky discovered that dangerous malware is infiltrating user systems specifically through the Steam Workshop, as reported by Akses.co.id. The primary goal of these infiltrations is the theft of sensitive data from the infected host machine.

The reported malware focuses on data exfiltration, targeting credentials and personal information stored on the computer. This allows the attackers to move beyond the Steam account and potentially compromise other linked services or financial information.

Why is the Steam Workshop being targeted?

The Steam Workshop provides a high-trust environment where users routinely download community-created mods and assets. Coinfomania reports that WuBlockchain highlighted how hackers specifically leveraged the popularity of Wallpaper Engine to reach a broad audience.

This distribution method is effective because it avoids traditional software installation prompts that often trigger security warnings. Users perceive the Workshop as a vetted ecosystem, which lowers their guard when importing new content into their software.

The use of anime themes acts as a social engineering lure. By targeting a popular aesthetic, attackers increase the likelihood that users will download the malicious file without performing a security check.

How does this differ from previous Steam threats?

This incident contrasts with typical Steam-related scams, such as phishing links sent via direct messages or fake “skin” gambling sites. While those methods require the user to visit an external website or provide a password, this attack occurs within the official Steam Workshop interface.

The reliance on Wallpaper Engine creates a technical vulnerability where a visual asset can execute code. This shifts the threat from social engineering via chat to a supply-chain style attack where the “product” itself is the weapon.

The scale of the risk is tied to the volume of user-generated content. Because thousands of assets are uploaded daily, manual vetting by Steam is difficult, leaving a gap that security firms like Kaspersky must identify after the malware has already reached users.