
In recent years, anime has risen from a niche Japanese art form to a global entertainment powerhouse, at the centre of today’s pop culture.
Fuelled by video streaming platforms and internet culture, these computer-generated animations originating from Japan are now among the world’s most popular television genres, particularly among Gen Z audiences.
In Kenya, fandoms built around blockbuster franchises such as One Piece, Demon Slayer, and Jujutsu Kaisen continue to grow, creating thriving online communities that consume everything from merchandise to fan art and themed events.
One of the most visible trends has been the growing popularity of anime wallpapers. Fans increasingly personalise their smartphones and computers with high-resolution 4K images and animated backgrounds featuring favourite characters and scenes.
Applications such as Wallpaper Engine have made the trend even more immersive by allowing wallpapers to include motion effects, atmospheric sounds, and interactive elements.
Unlikely gateways
But cybersecurity researchers are now warning that these wallpapers are becoming an unlikely gateway for malware attacks.
A new report by cybersecurity firm Kaspersky has uncovered an ongoing campaign in which attackers are using Steam Workshop and Wallpaper Engine to distribute malicious software disguised as legitimate animated wallpapers.
Steam Workshop is a feature within the world’s largest digital distribution platform for PC games, Steam. It allows users to share and download user-generated content, including modifications, maps, game items, and wallpapers.
Wallpaper Engine, meanwhile, is a popular software application for Windows and Android that lets users create, customise, and use animated and interactive wallpapers on their desktop and mobile screens.
But according to cybersecurity experts, this is creating opportunities for malicious actors to hide harmful code inside seemingly harmless downloads.
Researchers identified dozens of infected wallpaper packages, many of which had accumulated thousands, and in some cases tens of thousands, of downloads.
The attackers’ primary objective, according to the Kaspersky report, is stealing gaming accounts and deploying additional malware onto victims’ devices.
“The application-based wallpaper feature allows executable programs to run directly on a user’s Windows computer, allowing attackers to distribute malicious software under the guise of legitimate content,” Kaspersky said.
Researchers found two main attack methods; in some cases, malware files were bundled directly into wallpaper packages.
In others, attackers concealed malicious software inside password-protected archives, with the passwords hidden in file names or configuration files. Once installed, the malware executed automatically.
One sample discovered in December 2025 appeared to launch a harmless desktop game. Behind the scenes, however, it installed the DarkKomet backdoor – a harmful virus primarily targeting Microsoft Windows systems.
The malware deployed tools designed to harvest Steam account credentials and hijack active gaming sessions.
“The attacks rely on users trusting content hosted within legitimate ecosystems,” said Maxim Starodubov, a cybersecurity expert at Kaspersky.
“While many of the malware families involved are well-known, the delivery mechanism enables attackers to reach large numbers of potential victims through seemingly harmless content.”
Leveraging AI-power
The findings come as cyber threats remain high in Kenya. The Communications Authority of Kenya (CA) recently warned that threat actors are increasingly leveraging AI-powered malware, deepfakes, and automated attack tools, while exploiting third-party vulnerabilities and previously unknown software flaws.
In the three months to March 2026, for instance, the regulator recorded 68.7 million malware attack threats targeting phones and computer systems, making malware Kenya’s second-most common category of cyber threats after system attacks.
According to the CA, the surge has been driven by unpatched software vulnerabilities, growing social engineering and phishing campaigns, and the increasing use of AI-enabled automation by attackers.
“Malware attacks were largely driven by unpatched vulnerabilities, increased social engineering and phishing activity, cybercrime-as-a-service (CaaS) models and growing use of AI-enabled automation by threat actors,” the regulator said.
Kenyan targets have included end-user devices, internet-connected gadgets, web applications, email systems, and network infrastructure.
State institutions, universities, financial services firms, cryptocurrency platforms, and online trading sites remain attractive targets.
For anime fans seeking to customise their screens, cybersecurity experts advise users to exercise caution when downloading applications, even from trusted platforms, and to verify the credibility of content creators before installing any user-generated content.