AI‑Generated Browser Ransomware

Overview

Cybersecurity researchers have uncovered a new AI‑generated ransomware technique that runs entirely inside the browser, marking a major shift in how malware can be created and deployed. The discovery, made by Check Point Research, shows how a DeepSeek‑generated Python artifact bridged the gap between theoretical browser‑only ransomware and a fully functional attack chain — something previously thought impossible due to browser sandboxing.

The Discovery: InfernoGrabber v9.0

The malware sample, named InfernoGrabber v9.0, was uploaded to VirusTotal as a Python Flask application called deepseek_python_20260125_da0631.py. It operates as a malicious web server disguised as a Discord avatar AI upscaler, while performing a range of harmful actions:

  • Stealing Discord tokens and credentials.
  • Harvesting credit card numbers and crypto seed phrases.
  • Logging keystrokes and capturing webcam/microphone feeds.
  • Encrypting local files and displaying a Bitcoin ransom note.

The malware exploits Chromium’s File System Access API, allowing it to read, encrypt, and overwrite files directly from the browser — without installing a native payload or requiring root access.

How the Attack Works

The attack chain uses a phishing decoy to trick users into granting file‑system access to a web page. Once permission is granted, the ransomware:

  1. Enumerates local files in the selected folder.
  2. Reads and exfiltrates contents via a hard‑coded Discord webhook.
  3. Encrypts and overwrites files.
  4. Displays an extortion note demanding Bitcoin.

This entire process occurs within the browser, leveraging legitimate APIs available in Google Chrome and other Chromium‑based browsers on Windows and Android.

Why This Matters

Check Point Research calls this the first documented case where an AI model independently discovered a new attack path.

“The expertise needed to discover a new attack path is no longer the bottleneck,” the researchers said.

The implications are profound:

  • AI models can generate working malware from broad prompts without human expertise.
  • Browser sandboxing is no longer a guarantee of safety.
  • Threat actors can weaponize AI tools at scale with minimal technical knowledge.

DeepSeek’s models were noted for their lower refusal rates for malicious requests and free access in regions where Western LLMs are restricted, making them attractive to cybercriminals.

The AI Factor

The incident reveals how AI can hallucinate novel attack techniques by combining legitimate platform features with malicious logic.

“For the first time, we have evidence that an AI model can independently reason across legitimate platform features and surface a working attack technique that humans had only theorised about,” said Eli Smadja, Head of Research at Check Point.

This means the barrier to creating complex attacks is collapsing — and organizations embedding AI into their workflows must now treat AI as a potential attack surface.

Defensive Recommendations

To mitigate browser‑native ransomware risks:

  • Harden browser permissions — restrict file‑system access to trusted domains only.
  • Monitor Chromium API usage in enterprise environments.
  • Educate users about phishing decoys and file‑access prompts.
  • Implement AI security governance to review LLM usage and guardrail policies.
  • Collaborate with vendors to strengthen sandbox boundaries and permission models.

Expert in the Cloud Insight

The rise of AI‑generated malware marks a turning point in cybersecurity. Defenders must now anticipate attacks discovered by AI itself, not just human hackers. Browser‑native ransomware like InfernoGrabber v9.0 proves that legitimate features can be weaponized by machine‑generated logic.

For security leaders, the path forward is clear: treat every browser prompt as a security decision, and build AI defenses that can reason as fast as the models creating the threats.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.