Gamers beware: malicious wallpapers on Steam found stealing accounts

https://securelist.com/dozens-of-malicious-wallpapers-found-on-steam-workshop/120186/

25•speckx•1h ago

Comments

beart•1h ago

So this vulnerability isn't directly the result of using Steam, or any of the Steam profile customizations, such as avatars and profile page backgrounds. But rather, it is a vulnerability in a third-party application "Wallpaper Engine" which is available on Steam.

I recall when screen savers were a common malware vector on Windows. I suppose everything old is new again.

nottorp•1h ago

First thing I thought of when I saw the title was "since when does Steam have wallpapers?".

The article is at the least titled misleadingly and an attempt to sell fear.

fckgw•43m ago

The malicious wallpapers, which use "Wallpaper Engine" are also published through Steam Workshop. It's still a Steam problem.

jjmarr•58m ago

I love how the post is clearly written by AI. A human might've noticed all the screenshots appear to be of interactive hentai games distributed through Wallpaper Engine. And wouldn't have said:

> On the surface, this wallpaper sample (above) we uncovered in December 2025 looks completely harmless.

In reference to a screenshot of an anime woman with ripped clothes, eyes in fear, being monitored by CCTV camera.

From my knowledge, "adult entertainment" is targeted by malware because it's socially embarrassing to admit that was the attack vector. It's relevant to point that out.

jmuguy•48m ago

Centipedes? In my waifu?!

jerf•44m ago

Sexual arousal also tends to inhibit rational thought. I don't mean that in a snarky or sarcastic way, I mean that it is a biological process that has been well-studied and well-established [1]. This has obvious uses for scamming people and doing other things that their executive function might normally catch and prevent.

This is also why sexual imagery should generally be kept out of public spaces, not because of "puritanism" but because it just generally isn't a good idea to go around letting bad actors inhibiting people's executive function willy-nilly. That should generally be denied as a tool to bad actors like scammers.

[1]: For instance https://people.duke.edu/~dandan/webfiles/PapersPI/Sexual%20A... - note while the title mentions "sexual decision making" it also covers some 'bad decisions' that aren't particularly sexual on their own.

ApolloFortyNine•42m ago

Wallpaper Engine is pretty old now, and I remember using it years ago reading warning about not downloading unknown wallpapers. I believe there's even settings in the configuration not to run arbitrary code. 8 year old post about it, but honestly pretty sure it's been warned since day 1. [1]

[1] https://www.reddit.com/r/wallpaperengine/comments/7xg27d/rem...

Future Self

Show HN: Almost all of MonsterWriter's back end is open source

Apple is about to make Hide My Email useless

Ask HN: What's your multi-agent orchestration setup, and success rate with it?

A Compendium of Canonical Charts

Users cry foul after AMD stripped memory crypto from its consumer CPUs

Ask HN: How do you make LLM generated text believable?

Ask HN: Those making $500/month on side projects in 2026 – Show and tell

Why Anthropic candidates fail culture after clearing coding and system design

Run Gemma on the edge with the Coral Board [video]

US manufacturer of military TV walls sold to China, US wants it back

German broadcaster removes TV intro after Elon Musk takes legal action

Will AI End the Open Internet? [Wading Through AI – Episode 6] [video]

A 1969 camera operators' strike created Upstairs Downstairs multiverse

Researchers use tiny radio backpacks to track elusive gecko species

Moving 100TB of backups from MinIO to self-hosted SeaweedFS on Hetzner

Show HN: Cpt-city, Xkcd colour schemes

Outlet Video – Watch videos, 100% free, always

Ask HN: Is there a Vim/Emacs for video editing?

Data Processing Is Becoming a GPU Workload

AI's Silent Leap: From Code to Cognition

Migrating from Claude to DeepSeek without breaking everything

Let's talk about your digital remains

Show HN: Ctx, save tokens by loading only the relevant tools

How to Confuse Some SSH Bots

Montana's SB535 and a Potential Biotech Renaissance in America

How HN: Claudestat – real-time Claude Code monitor with loop detection

Another estimate of the productivity gains from AI

Council of Europe hacked in ShinyHunters' PeopleSoft heist

Do AIs Make Good Traders, and Do They Make Good Traders Better?