| ▲ | Gamers beware: malicious wallpapers on Steam found stealing accounts(securelist.com) |
| 41 points by speckx 2 hours ago | 24 comments |
| |
|
| ▲ | beart an hour ago | parent | next [-] |
| So this vulnerability isn't directly the result of using Steam, or any of the Steam profile customizations, such as avatars and profile page backgrounds. But rather, it is a vulnerability in a third-party application "Wallpaper Engine" which is available on Steam. I recall when screen savers were a common malware vector on Windows. I suppose everything old is new again. |
| |
| ▲ | nottorp an hour ago | parent | next [-] | | First thing I thought of when I saw the title was "since when does Steam have wallpapers?". The article is at the least titled misleadingly and an attempt to sell fear. | |
| ▲ | ASalazarMX 9 minutes ago | parent | prev | next [-] | | I'm still waiting for the new generations to rediscover screen savers. | |
| ▲ | raincole 27 minutes ago | parent | prev | next [-] | | It's not completely unrelated to Steam though. The malicious code is delivered by Steam Workshops. It might or might not be justified to put 'Steam' on the title, but it's par on HN standards (people always put 'npm' on the titles when there is a supply chain issue.) | |
| ▲ | wnevets an hour ago | parent | prev | next [-] | | Why do you need an "Engine" for wallpapers in the first place? | | |
| ▲ | jjmarr 34 minutes ago | parent | next [-] | | So you can have an animated or interactive "wallpaper". The malicious wallpapers in the OP are hentai games. | |
| ▲ | _--__--__ 28 minutes ago | parent | prev | next [-] | | The 'wallpapers' in question are pirated games made in renpy (python game engine) or rpgmaker (js based), which makes them a really good vector for malware. As another commenter noted this is a bizarrely common way for Chinese people to get porn through the great firewall. | | |
| ▲ | tsol 17 minutes ago | parent [-] | | Why would that be the only way to get porn that they don't crack down on? |
| |
| ▲ | nosioptar an hour ago | parent | prev | next [-] | | Opensuse (pre 11 iirc) used to have a really cool background where the lighting changed throughout the day, that probably used an engine of some sort. | |
| ▲ | wongarsu 43 minutes ago | parent | prev | next [-] | | Because they are not static images. That's the whole gimmick | |
| ▲ | some_random 34 minutes ago | parent | prev [-] | | Because it's one of the only ways to get porn in China |
| |
| ▲ | fckgw an hour ago | parent | prev [-] | | The malicious wallpapers, which use "Wallpaper Engine" are also published through Steam Workshop. It's still a Steam problem. | | |
| ▲ | gchamonlive an hour ago | parent [-] | | Irrelevant comment, op said "this vulnerability isn't directly the result of using Steam", not that steam doesn't share responsibility | | |
| ▲ | wccrawford 34 minutes ago | parent [-] | | It said they are "on Steam" which is true. They are distributed through the Steam Workshop, which Valve runs and attempts to protect from abuse. While it's not as high-profile as the official profile backgrounds and avatars, it's still in an area that most gamers would think was safe by default, since Valve moderates it. |
|
|
|
|
| ▲ | jjmarr an hour ago | parent | prev | next [-] |
| I love how the post is clearly written by AI. A human might've noticed all the screenshots appear to be of interactive hentai games distributed through Wallpaper Engine. And wouldn't have said: > On the surface, this wallpaper sample (above) we uncovered in December 2025 looks completely harmless. In reference to a screenshot of an anime woman with ripped clothes, eyes in fear, being monitored by CCTV camera. From my knowledge, "adult entertainment" is targeted by malware because it's socially embarrassing to admit that was the attack vector. It's relevant to point that out. |
| |
| ▲ | jerf an hour ago | parent | next [-] | | Sexual arousal also tends to inhibit rational thought. I don't mean that in a snarky or sarcastic way, I mean that it is a biological process that has been well-studied and well-established [1]. This has obvious uses for scamming people and doing other things that their executive function might normally catch and prevent. This is also why sexual imagery should generally be kept out of public spaces, not because of "puritanism" but because it just generally isn't a good idea to go around letting bad actors inhibiting people's executive function willy-nilly. That should generally be denied as a tool to bad actors like scammers. [1]: For instance https://people.duke.edu/~dandan/webfiles/PapersPI/Sexual%20A... - note while the title mentions "sexual decision making" it also covers some 'bad decisions' that aren't particularly sexual on their own. | | |
| ▲ | xeyownt 13 minutes ago | parent | next [-] | | Why would seeing sexual imagery make you less rational? That doesn't make sense. The study you mention say the people were already in an arousal state (that they had to induce themselves). It's very different from seeing images that you may simply ignore, evaluate differently, etc. Also, there is the bias that if people are looking for such images (because they really want them), they are probably more willing to drop recommended practices, and hence make irrational moves. So irrationality doesn't come from seeing the images at the first place, but from their willingness to find / see such images. | |
| ▲ | mrguyorama an hour ago | parent | prev [-] | | >This is also why sexual imagery should generally be kept out of public spaces, not because of "puritanism" but because it just generally isn't a good idea to go around letting bad actors inhibiting people's executive function willy-nilly Okay but presumeably humans adapt to the level of "sexuality" around them to some degree (like they do nearly every other stimulus), because otherwise you could show less prude cultures having lower ability to do "rational thought". Nudity is normal all over the world and yet people seem to function just fine. What constitutes content that justifies sexual arousal is socially constructed! | | |
| ▲ | jerf 37 minutes ago | parent | next [-] | | I cited my sources. You're welcome to seek out studies on the question of how it varies between societies, they probably exist somewhere. However as part of the "adaptation" you cite is precisely scammers getting better at scamming people, this isn't something we should treat casually. It's not as if it's news or anything. "Sex sells" isn't a new phrase. But I think most people assume it's just because it's ambiently appealing, the fact that it also objectively lowers rational barriers to buying what is being sold is less well understood and changes the question from just a matter of appeal to one of psychological abusiveness. That's how I've come to see it; that sexy chick (sexist language chosen advisedly) on the billboard isn't just a company nicely providing me a beautiful thing to look at for no reason at all, it's an attack on my executive function. It's an incredibly hostile thing to do and should be treated as such. | |
| ▲ | vel0city 37 minutes ago | parent | prev [-] | | Note the above commenter specifically used the language "sexual imagery" and not "nudity". As you point out, what can be considered "sexual imagery" can vary somewhat based on the cultural norms of the society. | | |
| ▲ | Xirdus 22 minutes ago | parent [-] | | Somewhat? The variance is off the charts. Without even going to the extremes of casual nudism vs burka, there are cultures where wearing hair down is seen as sexual, and there are cultures were twerking is child appropriate. |
|
|
| |
| ▲ | jmuguy an hour ago | parent | prev [-] | | Centipedes? In my waifu?! |
|
|
| ▲ | wxw an hour ago | parent | prev | next [-] |
| > The whole concept of “application wallpapers” essentially allows foreign code to be run directly on your computer. Cybercriminals took note of this feature and started embedding malware right into these types of wallpapers. > Because Wallpaper Engine relies on Steam Workshop for content sharing, anyone can create a wallpaper and publish it for the community to download and install for free. RIP |
|
| ▲ | ApolloFortyNine an hour ago | parent | prev [-] |
| Wallpaper Engine is pretty old now, and I remember using it years ago reading warning about not downloading unknown wallpapers. I believe there's even settings in the configuration not to run arbitrary code. 8 year old post about it, but honestly pretty sure it's been warned since day 1. [1] [1] https://www.reddit.com/r/wallpaperengine/comments/7xg27d/rem... |
