top of page

Next-generation ransomware: When AI paves the way for browser attacks

The rapid evolution of Artificial Intelligence (AI) is completely reshaping the cybersecurity landscape, bringing both unprecedented opportunities and challenges. Recently, security researchers discovered a unique strain of ransomware developed with the assistance of DeepSeek. Remarkably, this ransomware runs entirely inside web browsers across multiple operating systems, carving out a brand-new attack vector - something security experts previously deemed highly unlikely due to browser sandboxing mechanisms.

According to cybersecurity firm Check Point, this is the first proof of concept demonstrating how an advanced AI model can autonomously bridge the gap between theory and reality. It transforms a theoretical risk into a functional, real-world attack chain, effectively lowering the technical barrier to entry for threat actors.

The face of "InfernoGrabber v9.0": Ransomware disguised as an image editing tool

This malware sample was discovered as a Python Flask file named deepseek_python_20260125_da0631.py, uploaded to the well-known malware scanning platform VirusTotal on January 25, 2026. The author dubbed the tool InfernoGrabber v9.0, and it has been analyzed as a fully functional info-stealer and ransomware suite.

To lure victims, the attacker disguised the malware as an AI-powered tool designed to enhance profile pictures on Discord. However, beneath this facade, it covertly executes a series of malicious actions:

  • Stealing Discord account tokens.

  • Harvesting credit card details and cryptocurrency wallet recovery phrases.

  • Logging keystrokes (keylogging).

  • Unauthorized activation and recording of webcam and microphone data.

The VirusTotal system also noted that the source code contains specialized routines to exploit browser vulnerabilities (such as CVE-2023-4863), exfiltrate stolen data via a pre-configured Discord webhook, display a Bitcoin ransom lockscreen, and provide a control dashboard for the hacker to manage their "loot."

Mechanism of action: Locking data directly in the browser without installation

The core technique behind this In-Browser Ransomware relies on a legitimate browser feature called the File System Access API.

The attack workflow unfolds as follows:

  1. Threat actors use phishing tactics to lure users to a malicious website.

  2. The website tricks the user into granting access to a local directory on their computer.

  3. Once permissions are granted, the website automatically enumerates, reads, encrypts, and overwrites the victim's original files.

  4. Finally, a ransom note is displayed directly on the screen.

The critical danger: This entire process occurs directly within the web page. It does not require tricking the victim into executing malicious files (such as .exe or .apk), does not demand administrative privileges (root access), and does not even need to exploit browser vulnerabilities to encrypt the data.

This method is effective across Chromium-based browsers that support the directory picker feature. According to tests by Check Point Research, the attack successfully executes on Windows, macOS, Linux, Android, and the Microsoft Edge browser on Windows. The sole exception is iOS (iPhone), which remains unaffected due to its unique architectural design. Although this specific malware model has not yet been widely exploited in the wild, it uncovers a vast attack surface targeting the majority of desktop and Android users.

When AI "hallucinations" become dangerous weapons for hackers

Out of approximately 3,000 DeepSeek-related files analyzed over the past year, experts classified up to 1,383 samples as dangerous or malicious. The exploitation of DeepSeek stems from its lower refusal rate for potentially malicious requests compared to its Western counterparts like OpenAI, Google, or Anthropic. This is further compounded by advantages such as free web-based access, functionality in restricted regions, and the capability to generate a complete malicious application from a single, generic prompt.

Out of 3,000 DeepSeek-related files analyzed over the past year, up to 1,383 samples were classified as dangerous or malicious
Out of 3,000 DeepSeek-related files analyzed over the past year, up to 1,383 samples were classified as dangerous or malicious

Another concerning dimension stems from AI "hallucination." When a user with limited technical knowledge makes unrealistic or abstract requests, the AI model - in an effort to satisfy the prompt - may automatically extrapolate based on legitimate platform features to generate functional code.

Threat actors do not even need to be aware of features like the File System Access API; the AI autonomously identifies and weaponizes it into a practical attack technique. This signifies that the technical barrier to launching sophisticated cyberattacks is steadily crumbling.

The emergence of AI-generated in-browser ransomware is a wake-up call, proving that the future of cybersecurity can no longer rely on the hope that AI models will reject malicious requests. Experts advise organizations and individuals to shift their security mindset: tighten control layers, never default to trusting access permissions, and treat every browser permission prompt as a critical security decision to safeguard their data.

Comments


follow ipsip vietnam.png
40051abd5a76713af8f015988fc6780e-blue-phone-icon-with-a-wave-on-it.webp
whatsapp-mobile-software-icon-png-image_6315991.png
pngtree-minimal-calendar-icon-vector-png-image_21233134.png
IPSIP logo transparent.png

IPSIP VIETNAM ONE MEMBER LIMITED LIABILITY COMPANY (IPSIP VIETNAM OMLLC)

Tax code: 0313859600

🏢 SH05.01, B4 Street, Saritown Area, An Khanh Ward, Ho Chi Minh City, Vietnam

​☎  +84 918 397 489

  • Linkedin
  • Facebook
  • TikTok
  • Email liên hệ
png-clipart-iso-iec-27001-information-security-management-iso-iec-27002-international-orga
soc 2 type ii

Our Services

Sign up to receive in-depth cybersecurity documents and news from IPSIP Vietnam.

bottom of page