How popular anime wallpapers are becoming hackers’ latest malware trap

Cybersecurity researchers warn that malware is increasingly being disguised as anime wallpapers and other user-generated content shared through trusted gaming platforms.


In recent years, anime has evolved from a niche Japanese art form into a global entertainment powerhouse at the heart of popular culture.

Fuelled by video streaming platforms and internet culture, these Japanese animated productions are now among the world’s most popular television genres, particularly among Gen Z audiences.

In Kenya, fandoms built around blockbuster franchises such as One Piece, Demon Slayer and Jujutsu Kaisen continue to grow, creating thriving online communities that consume everything from merchandise to fan art and themed events.

One of the most visible trends has been the growing popularity of anime wallpapers. Fans increasingly personalise their smartphones and computers with high-resolution 4K images and animated backgrounds featuring favourite characters and scenes.

Applications such as Wallpaper Engine have made the trend even more immersive by allowing wallpapers to include motion effects, atmospheric sounds and interactive elements.

But cybersecurity researchers are now warning that these wallpapers are becoming an unlikely gateway for malware attacks.

Hidden threat

A new report by cybersecurity firm Kaspersky has uncovered an ongoing campaign in which attackers are using Steam Workshop and Wallpaper Engine to distribute malicious software disguised as legitimate animated wallpapers.

Steam Workshop is a feature within Steam, the world’s largest digital distribution platform for PC games. It allows users to share and download user-generated content, including modifications, maps, game items and wallpapers.

Wallpaper Engine, meanwhile, is a popular application for Windows and Android that lets users create, customise and use animated and interactive wallpapers on desktop and mobile devices.

According to cybersecurity experts, this creates opportunities for malicious actors to hide harmful code inside seemingly harmless downloads.

Researchers identified dozens of infected wallpaper packages, many of which had accumulated thousands, and in some cases tens of thousands, of downloads.

The attackers’ primary objective, according to the Kaspersky report, is to steal gaming accounts and deploy additional malware onto victims’ devices.

“The application-based wallpaper feature allows executable programs to run directly on a user’s Windows computer, allowing attackers to distribute malicious software under the guise of legitimate content,” Kaspersky said.

Researchers identified two main attack methods. In some cases, malware files were bundled directly into wallpaper packages.

In others, attackers concealed malicious software inside password-protected archives, with the passwords hidden in file names or configuration files. Once installed, the malware executed automatically.
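Both delivery methods leave traces a defender can look for in downloaded packages: Windows executables and password-protected archives sitting beside the wallpaper files. The Python check below is an added example, not code from Kaspersky's report or this article; it assumes each downloaded package is a folder under a directory given on the command line, and `build_sample` writes constructed test files rather than real samples.

```python
import io
import sys
import zipfile
from pathlib import Path

ARCHIVE_MAGIC = {b"PK\x03\x04": "zip", b"Rar!": "rar", b"7z\xbc\xaf": "7z"}

def classify(path):
    """Return findings for one file, judged by magic bytes rather than extension."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    findings = ["executable"] if head[:2] == b"MZ" else []   # DOS/PE header
    kind = ARCHIVE_MAGIC.get(head)
    if kind:
        findings.append("archive:" + kind)
    if kind == "zip":
        try:
            with zipfile.ZipFile(path) as zf:  # flag bit 0 marks an encrypted entry
                if any(i.flag_bits & 0x1 for i in zf.infolist()):
                    findings.append("password-protected")
        except zipfile.BadZipFile:
            findings.append("malformed-archive")
    return findings

def scan_packages(root):
    """Map each package folder under root to {file path inside it: findings}."""
    report = {}
    for full in sorted(Path(root).rglob("*")):
        rel = full.relative_to(root)
        if full.is_file() and (found := classify(full)):
            report.setdefault(rel.parts[0], {})["/".join(rel.parts[1:])] = found
    return report

def build_sample(root):
    """Constructed sample: three fake package folders, no real malware or IDs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"constructed")
    raw = bytearray(buf.getvalue())
    raw[6] |= 1                              # local header: set the encrypted flag
    raw[raw.rfind(b"PK\x01\x02") + 8] |= 1   # same flag in the central directory
    for rel, data in {"pkg_clean/preview.jpg": b"\xff\xd8\xff\xe0constructed",
                      "pkg_bundled/scene.dat": b"MZ\x90\x00constructed",
                      "pkg_archived/assets.bin": bytes(raw)}.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)

if __name__ == "__main__":
    print(scan_packages(sys.argv[1]))
```

A finding is a prompt for review, not a verdict: application-type wallpapers legitimately ship executables, so the result is most useful for packages that claim to be plain images or videos.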

One sample discovered in December 2025 appeared to launch a harmless desktop game. Behind the scenes, however, it installed the DarkKomet backdoor, a malicious programme primarily targeting Microsoft Windows systems.

The malware deployed tools designed to harvest Steam account credentials and hijack active gaming sessions.

Kenya risks

“The attacks rely on users trusting content hosted within legitimate ecosystems,” said Maxim Starodubov, a cybersecurity expert at Kaspersky.

“While many of the malware families involved are well known, the delivery mechanism enables attackers to reach large numbers of potential victims through seemingly harmless content.”

The findings come as cyber threats remain elevated in Kenya. The Communications Authority of Kenya (CA) recently warned that threat actors are increasingly leveraging AI-powered malware, deepfakes and automated attack tools while exploiting third-party vulnerabilities and previously unknown software flaws.

In the three months to March 2026, the regulator recorded 68.7 million malware attack attempts targeting phones and computer systems, making malware Kenya’s second most common category of cyber threats after system attacks.

According to the CA, the surge has been driven by unpatched software vulnerabilities, growing social engineering and phishing campaigns, and the increasing use of AI-enabled automation by attackers.

“Malware attacks were largely driven by unpatched vulnerabilities, increased social engineering and phishing activity, cybercrime-as-a-service (CaaS) models and growing use of AI-enabled automation by threat actors,” the regulator said.

Kenyan targets have included end-user devices, internet-connected gadgets, web applications, email systems and network infrastructure.

Government institutions, universities, financial services firms, cryptocurrency platforms and online trading sites have also remained attractive targets.

For anime fans seeking to customise their screens, cybersecurity experts advise exercising caution when downloading applications, even from trusted platforms, and verifying the credibility of content creators before installing any user-generated content.
