Anime Girls Malware Affects Steam Users, Steals Cryptocurrency

anime girl malware Kaspersky recently identified a sophisticated malware attack stemming from seemingly innocuous downloads tagged as Wallpaper Engine on Steam Workshop. The affected wallpapers, often decorated with animated anime characters, were in fact vehicles for delivering dangerous payloads directly to the users' Windows systems via executable programs hidden within these wallpapers.

In Brief:

  • Widespread Malware: Kaspersky has detected malicious software hidden in downloads labeled as Wallpaper Engine from Steam Workshop, featuring animated female anime characters.
  • Data Theft Focus: The malware targets Steam credentials and installs infostealers like Lumma and Vidar, which are known for stealing sensitive data, including cryptocurrency wallet credentials.
  • Global Impact and Trend: Multiple countries including China, Russia, Singapore, and Germany are affected, highlighting a significant rise in malware attacks targeting gamers and cryptocurrency users.

Discovery of Malware in Steam Workshop

Kaspersky recently identified a sophisticated malware attack stemming from seemingly innocuous downloads tagged as Wallpaper Engine on Steam Workshop. The affected wallpapers, often decorated with animated anime characters, were in fact vehicles for delivering dangerous payloads directly to the users’ Windows systems via executable programs hidden within these wallpapers.

Modus Operandi and Scope of Infection

The cybersecurity firm revealed that attackers cleverly packaged the malware either directly with the wallpaper files or inside password-protected archives that activated after a user completed the installation. Alarmingly, many of these wallpaper packages were downloaded thousands, and in some cases, tens of thousands of times. Though the majority of affected users resided in China and Russia, cases were also documented in regions such as Singapore, Hong Kong, Germany, Vietnam, India, and Canada.

Types of Malware and Mechanism

Among the malicious software deployed were well-known information thieves, Lumma and Vidar. These infostealers are tailored to extract personal and financial data, particularly targeting cryptocurrency wallets. In a notable example from 2025, a wallpaper ostensibly launching a legitimate game instead installed the DarkKomet backdoor, illustrating the deceptive methods employed.

Broader Context and Previous Incidents

This event is yet another in a series of malware outbreaks associated with Steam. Earlier in the same year, a game named Chemia was found compromised, disseminating various malwares aimed at pilfering user data and accessing cryptocurrency assets. In March, the FBI had also begun probing malware infiltrations linked to multiple games on the platform, showing a rising trend of cyber threats in gaming environments.

Expert Commentary

Maxim Starodubov, a researcher at Kaspersky, highlighted the underlying risk by stating, “Trusted platforms can be abused to distribute malware.” He emphasized how attackers exploit these platforms to distribute harmful content under the guise of harmless applications, reaching a broad audience unsuspectingly.

This incident underscores the importance for users and developers alike to remain vigilant and for platforms to enforce stricter security measures to curtail such abuses.