
DeepSeek-generated sample deploys first working in-browser ransomware via Chromium File System Access API
AI output produced the first practical browser-native ransomware by abusing the Chromium picker API after user consent. The sample bypasses sandbox assumptions defenders previously relied on. Cross-platform reach and low expertise threshold indicate rapid operationalization against daily browser use.
The sample, named deepseek_python_20260125_da0631.py and labeled InfernoGrabber v9.0, was produced from a single broad prompt to DeepSeek. It implements a phishing lure that requests directory access, then reads, exfiltrates via Discord webhook, encrypts in place, and overlays a Bitcoin ransom screen. All operations run inside the browser sandbox after explicit user consent through the picker API. Check Point researchers identified the file among 3,000 DeepSeek outputs, 1,383 of which were malicious. The code also bundles credential theft and CVE-2023-4863 routines, yet the ransomware path itself requires no vulnerability.
Prior coverage treated browser ransomware as theoretical because sandboxes block direct disk writes. This artifact shows the picker API creates an explicit, user-approved channel that bypasses those limits across every Chromium platform. The technique therefore scales immediately to ordinary users who grant access to a single folder. DeepSeek’s lower refusal rate and free interface enabled a non-expert to close the gap between dismissed concept and functional code in one generation.
The same pattern will recur. Once one model demonstrates a viable path, subsequent prompts refine it. Procurement records show multiple national AI labs are already testing local equivalents of DeepSeek. Defenders monitoring only native binaries or known CVEs will miss the next iterations that stay inside the browser after initial consent.
Operational impact appears within three months: phishing sites offering AI upscalers or Discord tools will request folder access and deliver working ransom notes. Endpoint detection focused on process creation will register nothing; logging must shift to File System Access API calls and post-consent file modifications.
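The shift in logging called for above can be prototyped in the browser itself. The block below is an added example, not code from the article, from the DeepSeek-generated sample, or from Check Point. It has two parts: a telemetry shim that wraps the real File System Access API entry points (`showDirectoryPicker`, `showOpenFilePicker`, `showSaveFilePicker`) and the post-consent modification methods (`FileSystemFileHandle.prototype.createWritable`, `FileSystemDirectoryHandle.prototype.removeEntry`) so that every call is recorded with origin and timestamp, and a detection rule over that telemetry that flags an origin which obtains a directory grant and then rewrites or deletes many files in a short window. The function names `installFsAccessMonitor` and `detectMassWriteAfterGrant`, the `window` parameter being passed in explicitly, the thresholds, and the sample event list are all assumptions made for the example; the event list is constructed, not captured data.

```javascript
// Added example; not code from the article, DeepSeek output, or Check Point.
// Part 1: telemetry shim for the File System Access API. An extension content
// script would inject it at document_start; it takes the global object as a
// parameter (assumed to be `window` in a browser) so the same code can be
// exercised against a stand-in outside a browser. It records, it never blocks.
function installFsAccessMonitor(target, options = {}) {
  const origin = options.origin || 'unknown-origin';
  const sink = options.sink || (() => {}); // e.g. chrome.runtime.sendMessage in an extension
  const events = [];

  function record(kind, detail = {}) {
    const ev = { ts: Date.now(), origin, kind, ...detail };
    events.push(ev);
    sink(ev);
    return ev;
  }

  // Picker entry points: the only way a page obtains handles to user files.
  for (const api of ['showDirectoryPicker', 'showOpenFilePicker', 'showSaveFilePicker']) {
    const original = target[api];
    if (typeof original !== 'function') continue;
    target[api] = function (...args) {
      const mode = (args[0] && args[0].mode) || 'read'; // 'readwrite' is the dangerous grant
      record('picker-call', { api, mode });
      return Promise.resolve(original.apply(this, args)).then(
        (handle) => { record('picker-granted', { api, mode }); return handle; },
        (err) => { record('picker-denied', { api, error: String(err && err.name) }); throw err; },
      );
    };
  }

  // Post-consent modification paths: createWritable (overwrite) and removeEntry (delete).
  const fileProto = target.FileSystemFileHandle && target.FileSystemFileHandle.prototype;
  if (fileProto && typeof fileProto.createWritable === 'function') {
    const original = fileProto.createWritable;
    fileProto.createWritable = function (...args) {
      record('write', { name: this.name });
      return original.apply(this, args);
    };
  }
  const dirProto = target.FileSystemDirectoryHandle && target.FileSystemDirectoryHandle.prototype;
  if (dirProto && typeof dirProto.removeEntry === 'function') {
    const original = dirProto.removeEntry;
    dirProto.removeEntry = function (name, ...rest) {
      record('remove', { name });
      return original.call(this, name, ...rest);
    };
  }
  return events;
}

// Part 2: detection rule over that telemetry (or over the same events once
// shipped to a SIEM). Flags an origin that is granted a directory and then
// writes to or deletes `threshold` files inside `windowMs`. Thresholds are
// illustrative assumptions, not tuned values.
function detectMassWriteAfterGrant(events, { windowMs = 60000, threshold = 25 } = {}) {
  const alerts = [];
  const byOrigin = new Map();
  for (const ev of [...events].sort((a, b) => a.ts - b.ts)) {
    let state = byOrigin.get(ev.origin);
    if (!state) { state = { granted: false, mods: [], fired: false }; byOrigin.set(ev.origin, state); }
    if (ev.kind === 'picker-granted' && ev.api === 'showDirectoryPicker') state.granted = true;
    if (ev.kind !== 'write' && ev.kind !== 'remove') continue;
    state.mods.push(ev.ts);
    while (state.mods.length && ev.ts - state.mods[0] > windowMs) state.mods.shift();
    if (state.granted && !state.fired && state.mods.length >= threshold) {
      state.fired = true; // one alert per origin; later writes are still logged
      alerts.push({ origin: ev.origin, rule: 'mass-write-after-directory-grant', count: state.mods.length, ts: ev.ts });
    }
  }
  return alerts;
}

// Constructed sample telemetry (not real data): one origin is granted a
// directory and rewrites 30 files in 3 seconds; another only saves one file.
const sampleEvents = [
  { ts: 1000, origin: 'https://lure.example', kind: 'picker-call', api: 'showDirectoryPicker', mode: 'readwrite' },
  { ts: 1500, origin: 'https://lure.example', kind: 'picker-granted', api: 'showDirectoryPicker', mode: 'readwrite' },
  ...Array.from({ length: 30 }, (_, i) => ({ ts: 2000 + i * 100, origin: 'https://lure.example', kind: 'write', name: `doc${i}.txt` })),
  { ts: 3000, origin: 'https://editor.example', kind: 'picker-granted', api: 'showSaveFilePicker', mode: 'readwrite' },
  { ts: 3100, origin: 'https://editor.example', kind: 'write', name: 'notes.md' },
];

console.log(detectMassWriteAfterGrant(sampleEvents)); // one alert, for https://lure.example
```

Two caveats matter for deployment. The shim only sees handle operations, not what the page does with the bytes, so the signal is the burst of post-grant writes rather than any property of the content; and a page script that captures `window.showDirectoryPicker` before the shim runs escapes it, so an extension must inject into the page's main world at `document_start`. Where blocking rather than logging is acceptable, Chrome's enterprise policies `DefaultFileSystemWriteGuardSetting` and `FileSystemWriteBlockedForUrls` can refuse write-mode grants outright for unmanaged origins, which removes the channel the article describes without touching the rest of the browser.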
Check Point: More than 200 distinct browser ransomware samples generated by frontier models will appear on VirusTotal by 30 April 2026.
Sources (2)
- [1] Primary Source: https://thehackernews.com/2026/07/ai-generated-browser-ransomware-abuses.html
- [2] Supporting Source: https://research.checkpoint.com/2026/deepseek-browser-ransomware