[beart]

So this vulnerability isn't directly the result of using Steam, or any of the Steam profile customizations, such as avatars and profile page backgrounds. But rather, it is a vulnerability in a third-party application "Wallpaper Engine" which is available on Steam.

I recall when screen savers were a common malware vector on Windows. I suppose everything old is new again.

[nottorp]

First thing I thought of when I saw the title was "since when does Steam have wallpapers?".

The article is at the least titled misleadingly and an attempt to sell fear.

[raincole]

It's not completely unrelated to Steam though. The malicious code is delivered by Steam Workshops. It might or might not be justified to put 'Steam' on the title, but it's par on HN standards (people always put 'npm' on the titles when there is a supply chain issue.)

[wnevets]

Why do you need an "Engine" for wallpapers in the first place?

[jjmarr]

So you can have an animated or interactive "wallpaper". The malicious wallpapers in the OP are hentai games.

[wincy]

I use them because they look nice and with an OLED I wanted a dynamic wallpaper so I wouldn’t get screen burn in. There is adult stuff but everything I use is just video games and matrix scrolling patterns, that kind of stuff, so I can tell my monitor is on without getting burn in. I’ve got a high end desktop so can take the minor performance hit running it all the time.

Unfortunately seems like I’m going to be uninstalling it.

[nosioptar]

Opensuse (pre 11 iirc) used to have a really cool background where the lighting changed throughout the day, that probably used an engine of some sort.

[_--__--__]

The 'wallpapers' in question are pirated games made in renpy (python game engine) or rpgmaker (js based), which makes them a really good vector for malware. As another commenter noted this is a bizarrely common way for Chinese people to get porn through the great firewall.

[tsol]

Why would that be the only way to get porn that they don't crack down on?

[wongarsu]

Because they are not static images. That's the whole gimmick

[some_random]

Because it's one of the only ways to get porn in China

[ASalazarMX]

I'm still waiting for the new generations to rediscover screen savers.

[fckgw]

The malicious wallpapers, which use "Wallpaper Engine" are also published through Steam Workshop. It's still a Steam problem.

[gchamonlive]

Irrelevant comment, op said "this vulnerability isn't directly the result of using Steam", not that steam doesn't share responsibility

[wccrawford]

It said they are "on Steam" which is true. They are distributed through the Steam Workshop, which Valve runs and attempts to protect from abuse.

While it's not as high-profile as the official profile backgrounds and avatars, it's still in an area that most gamers would think was safe by default, since Valve moderates it.

[gchamonlive]

It's true, just irrelevant