When it comes to desktop wallpaper, I often go with an illustration by Finnish artist Heikala. Making your own wallpaper, not unlike conjuring the visual arts, is a skill. As such, it’s no wonder that many go looking for pre-made backdrops on Steam Workshop—though cybersecurity firm and anti-virus creator Kaspersky warns this has become yet one more avenue to be leveraged by bad actors.
Security researchers have found that malware is being pushed out in the guise of packages for animated desktop wallpapers. A Kaspersky press release claims that multiple infected Workshop wallpapers were downloaded thousands of times via Wallpaper Engine on Steam.
Now, I’m sure you’re curious as to which wallpapers are affected—is there potentially a visual theme that unites them? Well, Kaspersky did include a number of screenshots involving blushing anime women, which perhaps says it all.
Wallpaper Engine offers a number of formats, including animated and interactive desktop scenes. Kaspersky adds, “The application-based wallpaper feature allows executable programs to run directly on a user’s Windows computer, allowing attackers to distribute malicious software under the guise of legitimate content.”
As for how the attackers snuck in their malware alongside the weeaboo wallpapers, Kaspersky highlights two different methods. One route involves bundling malicious executables inside the wallpaper package, whereas another sees bad actors hide “malware inside password-protected archives, with passwords embedded in archive names or configuration files.” Once installed, the application-based wallpaper would automatically trigger the malicious payload inside.
“For example, one of the malicious wallpaper samples discovered in December 2025 appeared to function legitimately at first, launching an embedded desktop game without any visible signs of compromise,” Kaspersky elaborates, “In the background, however, the wallpaper deployed the DarkKomet backdoor and installed a modified library designed to target Steam users: it harvested account information and hijacked active Steam sessions.”
Steam users based in China and Russia appear to have been the primary targets of the malware distribution campaign, though folks living in Singapore, Hong Kong, Germany, Vietnam, India and Canada have also been affected. As far as Kaspersky’s security researchers can tell, the campaign is less of a coordinated effort and appears to be the work of “multiple independent threat actors.” Be safe out there, my fellow weebs.