It has been discovered that malware is embedded in the cute girl wallpapers for the popular Steam wallpaper app 'Wallpaper Engine'.
Gamers beware: malicious wallpapers on Steam found stealing accounts | Securelist
https://securelist.com/dozens-of-malicious-wallpapers-found-on-steam-workshop/120186/
Kaspersky discovered a malware campaign targeting Steam users through infected wallpaper
https://www.kaspersky.co.uk/about/press-releases/kaspersky-discovered-a-malware-campaign-targeting-steam-users-through-infected-wallpaper
According to Kaspersky, the attackers were primarily using two methods to distribute the malware.
One method involves bundling a malicious executable file within a wallpaper package, while the other hides the malware within a password-protected archive. In the latter case, victims are either prompted to enter a password or processed automatically by a script.
When users installed these wallpapers, there was a risk that malicious scripts could be executed, potentially hijacking their Steam sessions and stealing their Steam account information, encrypting files with ransomware, or launching hidden cryptocurrency miners that severely degraded system performance.
When a Steam session is hijacked, the system sends all data to a server controlled by the attacker. Once the attacker has control of the session, they can use the victim's account to upload even more malicious wallpapers to the Steam Workshop.
Kaspersky has identified dozens of malicious wallpapers, each of which has been downloaded thousands or even tens of thousands of times. The images Kaspersky cited as examples mainly depicted cute anime-style female characters.
The primary target was China, which accounted for a staggering 89% of downloads. Russia ranked second with 5.5% of total downloads, followed by Singapore (1.4%), Hong Kong (0.9%), Germany (0.9%), Vietnam (0.9%), India (0.5%), and Canada (0.5%). These were detected by Kaspersky's security system.
Kaspersky points out that 'the wide range of tools being used suggests that this is not the work of a single mastermind. Rather, it appears that multiple scattered, independent hacking groups are jumping on the bandwagon. The wallpaper's art style and titles are particularly tailored for China, suggesting that China is the primary target.'
Although the malicious wallpapers and links had already been removed from the platform by the time Kaspersky released the information, Steam Workshop is a platform where users can freely post content, so new malware wallpapers may appear. Kaspersky stated, 'You should keep in mind that Steam does not always detect everything. We strongly recommend running a scan with antivirus software before actually applying these wallpapers.'
Related Posts:
