Gamers beware: malicious wallpapers on Steam found stealing accounts

42 points, posted 3 hours ago
by speckx

25 Comments

beart

2 hours ago

So this vulnerability isn't directly the result of using Steam, or any of the Steam profile customizations, such as avatars and profile page backgrounds. But rather, it is a vulnerability in a third-party application "Wallpaper Engine" which is available on Steam.

I recall when screen savers were a common malware vector on Windows. I suppose everything old is new again.

nottorp

2 hours ago

First thing I thought of when I saw the title was "since when does Steam have wallpapers?".

The article is at the least titled misleadingly and an attempt to sell fear.

raincole

an hour ago

It's not completely unrelated to Steam though. The malicious code is delivered by Steam Workshops. It might or might not be justified to put 'Steam' on the title, but it's par on HN standards (people always put 'npm' on the titles when there is a supply chain issue.)

wnevets

2 hours ago

Why do you need an "Engine" for wallpapers in the first place?

jjmarr

an hour ago

So you can have an animated or interactive "wallpaper". The malicious wallpapers in the OP are hentai games.

_--__--__

an hour ago

The 'wallpapers' in question are pirated games made in renpy (python game engine) or rpgmaker (js based), which makes them a really good vector for malware. As another commenter noted this is a bizarrely common way for Chinese people to get porn through the great firewall.

tsol

an hour ago

Why would that be the only way to get porn that they don't crack down on?

nosioptar

2 hours ago

openSUSE (pre 11 iirc) used to have a really cool background where the lighting changed throughout the day, that probably used an engine of some sort.

wongarsu

2 hours ago

Because they are not static images. That's the whole gimmick

some_random

an hour ago

Because it's one of the only ways to get porn in China

ASalazarMX

an hour ago

I'm still waiting for the new generations to rediscover screen savers.

fckgw

2 hours ago

The malicious wallpapers, which use "Wallpaper Engine", are also published through Steam Workshop. It's still a Steam problem.

gchamonlive

2 hours ago

Irrelevant comment, OP said "this vulnerability isn't directly the result of using Steam", not that Steam doesn't share responsibility.

wccrawford

an hour ago

It said they are "on Steam" which is true. They are distributed through the Steam Workshop, which Valve runs and attempts to protect from abuse.

While it's not as high-profile as the official profile backgrounds and avatars, it's still in an area that most gamers would think was safe by default, since Valve moderates it.

jjmarr

2 hours ago

I love how the post is clearly written by AI. A human might've noticed all the screenshots appear to be of interactive hentai games distributed through Wallpaper Engine. And wouldn't have said:

> On the surface, this wallpaper sample (above) we uncovered in December 2025 looks completely harmless.

In reference to a screenshot of an anime woman with ripped clothes, eyes in fear, being monitored by CCTV camera.

From my knowledge, "adult entertainment" is targeted by malware because it's socially embarrassing to admit that was the attack vector. It's relevant to point that out.

jerf

2 hours ago

Sexual arousal also tends to inhibit rational thought. I don't mean that in a snarky or sarcastic way, I mean that it is a biological process that has been well-studied and well-established [1]. This has obvious uses for scamming people and doing other things that their executive function might normally catch and prevent.

This is also why sexual imagery should generally be kept out of public spaces, not because of "puritanism" but because it just generally isn't a good idea to go around letting bad actors inhibit people's executive function willy-nilly. That should generally be denied as a tool to bad actors like scammers.

[1]: For instance https://people.duke.edu/~dandan/webfiles/PapersPI/Sexual%20A... - note while the title mentions "sexual decision making" it also covers some 'bad decisions' that aren't particularly sexual on their own.

xeyownt

an hour ago

Why would seeing sexual imagery make you less rational? That doesn't make sense.

The study you mention says the people were already in an arousal state (that they had to induce themselves). It's very different from seeing images that you may simply ignore, evaluate differently, etc.

Also, there is the bias that if people are looking for such images (because they really want them), they are probably more willing to drop recommended practices, and hence make irrational moves. So irrationality doesn't come from seeing the images in the first place, but from their willingness to find / see such images.

mrguyorama

2 hours ago

> This is also why sexual imagery should generally be kept out of public spaces, not because of "puritanism" but because it just generally isn't a good idea to go around letting bad actors inhibit people's executive function willy-nilly

Okay but presumably humans adapt to the level of "sexuality" around them to some degree (like they do nearly every other stimulus), because otherwise you could show less prude cultures having lower ability to do "rational thought".

Nudity is normal all over the world and yet people seem to function just fine. What constitutes content that justifies sexual arousal is socially constructed!

subscribed

7 minutes ago

Nudity is not inherently sexual, unless you decide to call all the nudist families and communities perverts and child molesters.

But I assume you grew up in the culture where all nudity has been fetishised, so you accidentally conflate these two.

jerf

an hour ago

I cited my sources. You're welcome to seek out studies on the question of how it varies between societies, they probably exist somewhere. However as part of the "adaptation" you cite is precisely scammers getting better at scamming people, this isn't something we should treat casually.

It's not as if it's news or anything. "Sex sells" isn't a new phrase. But I think most people assume it's just because it's ambiently appealing, the fact that it also objectively lowers rational barriers to buying what is being sold is less well understood and changes the question from just a matter of appeal to one of psychological abusiveness.

That's how I've come to see it; that sexy chick (sexist language chosen advisedly) on the billboard isn't just a company nicely providing me a beautiful thing to look at for no reason at all, it's an attack on my executive function. It's an incredibly hostile thing to do and should be treated as such.

vel0city

an hour ago

Note the above commenter specifically used the language "sexual imagery" and not "nudity". As you point out, what can be considered "sexual imagery" can vary somewhat based on the cultural norms of the society.

Xirdus

an hour ago

Somewhat? The variance is off the charts. Without even going to the extremes of casual nudism vs burka, there are cultures where wearing hair down is seen as sexual, and there are cultures where twerking is child appropriate.

jmuguy

2 hours ago

Centipedes? In my waifu?!

wxw

2 hours ago

> The whole concept of “application wallpapers” essentially allows foreign code to be run directly on your computer. Cybercriminals took note of this feature and started embedding malware right into these types of wallpapers.

> Because Wallpaper Engine relies on Steam Workshop for content sharing, anyone can create a wallpaper and publish it for the community to download and install for free.

RIP