A report from cybersecurity firm Kaspersky claims that the popular desktop wallpaper programme, Wallpaper Engine, is being used to spread malware via user-submitted content via the Steam Workshop.

The Steam Workshop is a community feature in Steam, which allows users to share mods and additional content for games and software on the platform.

In this case, community-created animated, video, and interactive wallpapers available for download for Wallpaper Engine were found to be infected with malware, with affected instances receiving thousands of downloads according to Kaspersky.

Once downloaded and installed, the malicious wallpapers can automatically infect a Windows computer with the embedded malware.

Attackers were mainly found to be using two methods: bundling malicious files directly with wallpaper packages, including Dynamic Link Libraries (DLLs, which are files containing code that a computer executes) and scripts, or concealing malware within password-protected compressed files.

It also appears that infection is not immediately obvious when such malware is installed. One malicious wallpaper discovered in December 2025 appeared to function normally and even included a playable embedded game, providing no clear indication of compromise.

In this case, the wallpaper had quietly deployed a DarkKomet backdoor, harvesting user account information and hijacking active Steam sessions. Hijacking refers to an attack where malicious actors take control of an ongoing login without authentication.

Kaspersky further says that the malicious wallpapers were likely uploaded by multiple independent threat actors rather than being part of a coordinated attack by a single group, due to the multiple different types of malware being distributed.

The company recommends users be cautious when downloading applications online, regardless of the source, and to verify the reputation and legitimacy of content creators before installing any user-generated content.