Must Read

Georgia Power Outages Leave 5,346 Customers Without Service

Georgia Power Outages Leave 5,346 Customers Without Service
Hemani Wins 9-0 Ruling as Scotusblog Tracks Gun Ban

Hemani Wins 9-0 Ruling as Scotusblog Tracks Gun Ban
Alphonso Davies Available After May Hamstring for Canada - Catsar

Alphonso Davies Available After May Hamstring for Canada - Catsar
Judge Allows Autopsy Photos in Lindsay Clancy Hearing

Judge Allows Autopsy Photos in Lindsay Clancy Hearing
Johan Manzambi Secures World Cup Spot After Seven-Goal Season

Johan Manzambi Secures World Cup Spot After Seven-Goal Season
Tech

Dozens of Wallpaper Engine Wallpapers Hijack Accounts After Tens of Thousands of Downloads

Dozens of Wallpaper Engine application wallpapers on Steam Workshop carried malware that hijacked Steam accounts and installed backdoors; each package had thousands of downloads.

By Derek Hunt
Published
2 Min Read
2 Views
Dozens of Wallpaper Engine Wallpapers Hijack Accounts After Tens of Thousands of Downloads

Dozens of application wallpapers for Wallpaper Engine on Steam Workshop carried malware that could hijack Steam accounts and install backdoors or crypto miners on Windows systems.

- Advertisement -

Each malicious package had been downloaded thousands or tens of thousands of times since late 2025, primarily targeting gamers in China and Russia and exposing a significant portion of Wallpaper Engine's active Windows audience.

Wallpaper Engine Infection Mechanism

A December 2025 wallpaper sample for Wallpaper Engine appeared harmless on the surface—the built‑in game booted up flawlessly and desktop controls worked as expected—while the package, running on Windows, dropped components that executed within just a few minutes and could steal a live Steam session or cripple the computer with backdoors and crypto miners.

Read Also: Steam Machine Release Date: 3 Store Page Clues That May Point to Valve’s Next Move

Steam Workshop Spread Since late 2025

Since late 2025 attackers have exploited Steam Workshop's sharing feature to publish dozens of malicious application wallpapers that each accumulated thousands or tens of thousands of downloads, and because Wallpaper Engine averages 100,000 daily active users and has nearly a million reviews the campaign reached a large, active Windows user base.

- Advertisement -

DarkKomet and Synaptics.exe Details

The compromised packages dropped a backdoor file named Synaptics.exe that belongs to the DarkKomet malware family and also launched an executable called._cache_GAME1.exe to boot a bundled game named NTRaholic while installing a custom AggregatorHost.dll whose payload searched the system for the Steam app, harvested account credentials, hijacked live Steam sessions and transmitted the collected data to a server controlled by the attackers.

Read Also: Steam Machine Release Date and the Wait for a Living-Room Gaming Reset

Windows users who installed application wallpapers from Steam Workshop should check their systems for files named Synaptics.exe or._cache_GAME1.exe and for an AggregatorHost.dll outside normal Steam files, treat such files as indicators of compromise, disconnect the machine from networks and change Steam account credentials from a different, clean device.

How many Steam accounts were actually hijacked by the malicious wallpapers?

Advertisement
TAGGED:
Share This Article
By Derek Hunt
Technology analyst writing on semiconductors, cybersecurity, and Big Tech regulation. Holds a master's degree in Computer Science from MIT.
- Advertisement -

You Might Also Like