Hackers Are Using Steam Desktop Wallpapers To Steal Windows Logins
Live wallpapers are created using the Wallpaper Engine app, which is a legitimate piece of software available on Steam. Users have a wide array of choices for how they make these animated wallpapers, including using video formats, HTML and CSS, or even full-fledged apps. The animated wallpapers created using this app are then shared by its sizeable community using the Steam Workshop.

The 'app wallpapers' are the kind being deployed by threat actors, as they enable the execution of malicious code on a victim’s computer. Once a user launches the wallpaper, everything will appear to be normal, but in the background the app will begin to install a backdoor such as DarkKomet or run malicious scripts.
Once the malware is installed on a machine, it will first make a beeline for the user’s Steam credentials and immediately attempt to hijack the user’s account. Once the account has been taken over, the hackers will use it to upload even more infected wallpapers to further spread malware. Additionally, any valuable user data collected is sent back to a server controlled by the threat actors.
Users should always be mindful of what they’re installing on their systems, regardless of how trusted the source might be. As one of the researchers notes, “trusted platforms can be abused to distribute malware: the attacks rely on users trusting content hosted within legitimate ecosystems.” It’s something that will likely become more common going forward as other methods of compromising devices become less effective.
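
For readers who want to check what is already on disk, here is a small audit of a folder of downloaded wallpapers that flags the 'app' kind and any executable content. It is an added example, not code from the researchers or from Wallpaper Engine. It assumes each wallpaper folder carries a `project.json` manifest whose `type` is `application` for app wallpapers; the extension list and the sample library are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Assumption: extensions treated as directly executable or script content.
RISKY_EXT = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs", ".msi", ".lnk"}

def starts_with_mz(path: Path) -> bool:
    """True when the file begins with the 'MZ' magic of a Windows executable."""
    with path.open("rb") as fh:
        return fh.read(2) == b"MZ"

def audit_wallpaper(folder: Path) -> list:
    """Return the reasons a wallpaper folder deserves manual review."""
    reasons = []
    try:
        meta = json.loads((folder / "project.json").read_text(encoding="utf-8"))
        wtype = str(meta.get("type", "")).lower() if isinstance(meta, dict) else ""
    except (OSError, ValueError):
        wtype = ""
        reasons.append("missing or unreadable project.json")
    if wtype == "application":  # assumed manifest value for app wallpapers
        reasons.append("declared type is application")
    for path in sorted(p for p in folder.rglob("*") if p.is_file()):
        rel = path.relative_to(folder).as_posix()
        if path.suffix.lower() in RISKY_EXT:
            reasons.append(f"executable or script extension: {rel}")
        elif starts_with_mz(path):  # binary hidden behind a harmless-looking name
            reasons.append(f"PE header under non-executable name: {rel}")
    return reasons

def audit_library(root: Path) -> dict:
    """Map each flagged wallpaper folder name to its list of reasons."""
    findings = {}
    for folder in sorted(p for p in root.iterdir() if p.is_dir()):
        reasons = audit_wallpaper(folder)
        if reasons:
            findings[folder.name] = reasons
    return findings

def build_sample(root: Path) -> None:
    """Constructed sample library (folder names and file contents are made up)."""
    items = {"1001": ("video", {"loop.mp4": b"\x00\x00\x00\x18ftypmp42"}),
             "1002": ("application", {"wall.exe": b"MZ\x90\x00"}),
             "1003": ("web", {"index.html": b"<html></html>", "preview.jpg": b"MZ\x90\x00"})}
    for name, (wtype, files) in items.items():
        (root / name).mkdir()
        (root / name / "project.json").write_text(json.dumps({"type": wtype}), encoding="utf-8")
        for fname, data in files.items():
            (root / name / fname).write_bytes(data)
```

Call `audit_library()` on the directory where Steam stores downloaded Workshop wallpapers; a flagged item is a prompt for review, since app wallpapers can also be legitimate.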