Browser ransomware created with DeepSeek

✨ Megiddo

✨ President ✨
Staff member
971
261
Researchers from Check Point discovered malware generated using DeepSeek. The model transformed the theoretical concept of browser ransomware into a nearly complete attack chain. Infection requires no application installation, exploitation of vulnerabilities, or root access; simply convincing the victim to grant the website access to a folder containing files is sufficient.

Experts discovered the malware while analyzing nearly 3,000 files linked to DeepSeek. Ultimately, 1,383 of them were deemed malicious or dangerous, and among the samples, they found the InfernoGrabber v9.0 web application, written in Python using Flask and uploaded to VirusTotal on January 25, 2026.

The malware disguised itself as an AI service for enhancing Discord avatars. Judging by the code, the author asked the AI model to build a versatile browser malware capable of stealing Discord tokens, bank card information, and cryptocurrency wallets, intercepting user input, spying on the victim via the camera and microphone, encrypting files, and demanding ransom. The researchers write that the model was hallucinating when creating most of these functions. For example, the browser sandbox prevented the page from reading data from other websites, surreptitiously turning on the device's camera, or persisting in the system like typical malware. However, among the non-functional templates, they discovered a very real scenario using the File System Access API. This legitimate API allows web applications to read and modify files in a user-selected directory. As a result, the attacker could lure the victim to a phishing page and ask them to select a folder, supposedly for image processing. The malware could then examine the folder's contents, send the data to the server, encrypt the original files, and display a ransom note to the user. This technique works in Chrome and other Chromium-based browsers. Experts tested it on Windows, macOS, Linux, and Android, as well as Microsoft Edge on Windows. The attack could not be replicated on iOS, as browsers on that platform use WebKit and do not support similar file system access. Overall, this threat is not new: experts described the possibility of abusing the File System Access API at the USENIX Security conference back in 2023. However, this scenario had previously remained theoretical, whereas in the case of InfernoGrabber, the model independently linked the vague prompt about creating "malware in the browser" to a real API and produced a nearly complete attack chain.










Although the original InfernoGrabber sample was unstable, the researchers were able to convert it into a fully functional proof-of-concept (PoC) using DeepSeek V4. To bypass security mechanisms, direct references to the ransomware had to be removed from the prompt while preserving the necessary functions. During one test, the model generated working code for a page that accessed the victim's local files and irreversibly modified them.

So far, the researchers have not found evidence of this technique being used in real-world attacks. However, they warn that such attacks may remain undetected due to code obfuscation and the lack of a typical payload. Users are advised to be careful with browser file access requests and not open folders containing photos, documents, and backup codes to unknown sites.