If you use a powerful computer, you must have at least heard or know about the Wallpaper Engine software that allows you to use various types of dynamic wallpapers or desktop backgrounds, complete with animations to make using your computer more enjoyable.
Recently, Kaspersky Labs has released a report saying that there are some backgrounds offered through the Wallpaper Engine software that have malware built into them, which has infected several thousand users in several countries around Asia and Europe.
According to the report, users in China and Russia were most affected by this malware attack, with other victims reported to be from Singapore, Hong Kong, Germany, Vietnam, India and Canada.
It was also reported that the purpose of this hacking attack was to take over users' Steam accounts (Wallpaper Engine is offered through Steam) and to install additional malware on users' computers.
Wallpaper Engine comes with access to Steam Workshop, a feature on the Steam game sales platform where users can download additional content created by other users. For Wallpaper Engine in particular, the software supports downloading a variety of file types such as videos, interactive scenes, website files and applications.
There are two main delivery methods used by the hackers. In some cases, DLL files and scripts are bundled directly with the wallpaper package. In other cases, the attackers hide the malware in password-protected archives, with the password embedded in the archive name or configuration file. Once the wallpaper is installed, the malicious payload is automatically activated.
The report further states that the attacks appear to have started since late last year and are carried out by several hackers, not just one group. Kaspersky found that the background offerings from these hackers distributed information-stealing software such as Lumma and Vidar as well as the RenEngine data uploader. Kaspersky security software has detected and blocked all malware associated with the campaign using this malware.
