Malware disguised as anime wallpapers targets Steam gamers, steals crypto
IN SHORT
Gamers on Steam are being targeted by malware disguised as anime wallpapers, which steals Steam credentials and crypto assets. Researchers found these malicious downloads on Steam Workshop, deploying infostealers like Lumma and Vidar. Separately, Microsoft detailed a new crypto-stealing malware called CryptoBandits, which spreads through USB drives and uses the Tor network. This malware hijacks wallet addresses and can execute remote code, posing a threat to cryptocurrency holders.
Who's Involved
Kaspersky: cybersecurity firm that discovered malware targeting Steam gamers
Steam: gaming platform targeted by malware disguised as anime wallpapers
Wallpaper Engine: Steam application used to distribute malware disguised as wallpapers
Lumma: infostealer malware deployed by Steam attackers
Vidar: infostealer malware deployed by Steam attackers
Microsoft: company that detailed new crypto-stealing malware CryptoBandits
CryptoBandits: new cryptocurrency clipper malware detailed by Microsoft
Tor network: network used by CryptoBandits for communication
Key facts
Malware disguised as anime wallpapers targets Steam gamers.
Malicious downloads were found on Steam Workshop within Wallpaper Engine.
The malware steals Steam credentials and hijacks gaming sessions.
Infostealers like Lumma and Vidar are deployed by the Steam malware.
Microsoft detailed a new crypto-stealing malware called CryptoBandits.
CryptoBandits spreads via USB drives.
CryptoBandits uses the Tor network for communication.
CryptoBandits steals crypto credentials and hijacks wallet addresses.
CryptoBandits can execute remote code on infected machines.
Malware disguised as anime wallpapers is targeting gamers on Steam, aiming to steal their cryptocurrency. Kaspersky researchers identified malicious downloads on Steam Workshop, specifically within the Wallpaper Engine application, which were presented as anime-themed wallpapers. These disguised downloads deploy infostealers such as Lumma and Vidar, designed to steal Steam credentials, hijack gaming sessions, and ultimately target gamers' cryptocurrency holdings. The attackers exploit the popularity of anime aesthetics to lure unsuspecting users into downloading the compromised content.
In a related development, Microsoft has detailed a new type of cryptocurrency clipper malware named CryptoBandits. This malware utilizes USB drives as a primary vector for spreading, making it a threat to users who share or transfer files via these portable storage devices. Once active on a system, CryptoBandits communicates using the Tor network, an anonymizing network that makes tracking its origins and activities more difficult. The malware's capabilities include stealing cryptocurrency credentials, hijacking wallet addresses to redirect funds to attackers, and the ability to execute remote code on infected machines, granting attackers significant control.
Both threats highlight the evolving tactics used by cybercriminals to target cryptocurrency users. The Steam-based malware leverages a popular gaming platform and its user base's interests, while CryptoBandits employs more traditional but effective methods like USB propagation and the Tor network for stealthy operations. The common goal is the theft of digital assets, underscoring the need for vigilance among gamers and cryptocurrency holders regarding software downloads and data transfer practices.
Frequently asked questions
Wallpaper Engine is an application available on Steam that allows users to download and use animated desktop wallpapers, some of which can execute programs.
The malware included infostealers like Lumma and Vidar, designed to steal credentials, browser data, and cryptocurrency wallet information, as well as backdoors like DarkKomet.
Attackers disguised the malware as legitimate, often anime-themed, animated wallpapers available through Steam Workshop, exploiting users' trust in the platform.
Victims were primarily in China and Russia, but infections were also found in Singapore, Hong Kong, Germany, Vietnam, India, and Canada.
What Happens Next
01 Users are advised to exercise caution when downloading content from Steam Workshop.
02 Security researchers will continue to monitor for similar distribution tactics on gaming platforms.