Featured Image Credit: Valve
Steam users have been warned about a malicious PC download being distributed through one of the games featured on the platform.
In general, Steam is a pretty safe platform to navigate. With thousands of games released each year, it’s actually quite rare to find one which actively harms your computer.
However, sometimes things can slip through the cracks, especially with games which host player-made content which can be downloaded freely.
This is certainly the case for Wallpaper Engine, a tool that’s been available on Steam since 2018, which allows users to create wallpapers and animate images to use on their desktop.
Advert
Cybersecurity company Kaspersky has now issued a warning for Wallpaper Engine users to avoid downloading malicious files to their PCs (via Dexerto).
Kaspersky claims that attackers are hiding these malicious files within certain wallpaper downloads found on Wallpaper Engine’s Steam Workshop.
The report says that researchers identified multiple infected wallpaper packages, which had been downloaded by thousands of users since initially being uploaded. The main goal of the attack is to steal the Steam accounts of affected users, while also deploying additional malware.
According to Kaspersky, the primary targets of this attack were Steam users in China and Russia, but other victims have been located in Singapore, Hong Kong, Germany, Vietnam, India, and Canada.
Wallpaper Engine is a tool which allows executable programs to run directly on a user’s PC, which is what allowed the attackers to distribute the malicious software while disguising it as a legitimate wallpaper.
Moderation tools and automatic filters can prevent a lot of malware from being uploaded to Steam, while users’ antivirus software is set up to protect against some of the most well-known forms of attack.
However, this isn’t a perfect solution, and any app which allows users to download and run executables uploaded online is going to be at risk of hosting malware.
Kaspersky adds that the attack involved two primary delivery methods. In some cases, attackers used malicious executable files, along with DLLs and scripts, which were bundled directly with the wallpaper download from the Steam Workshop.
The other method, as Kaspersky describes it, is one where malware is hidden inside password-protected archives, with the passwords embedded in archive names or configuration files.
Kaspersky urges users to exercise caution when downloading any application, even from trusted sources.
You should also take a moment to verify the reputation and legitimacy of content creators before installing the user-generated content.
You should also rely on proven cybersecurity solutions to detect threats. If you follow the guidance correctly, you should be able to keep safe from any cyber threats which may occur through user-generated content.
Read Next: 13 Steam Next Fest Free Tasters That Have Got Us Excited For Their Full Release
