Full text
DeepSeek connected a theoretical browser flaw to a working attack chain
The ransomware sample targets Android's photo folder through a fake permission prompt
Check Point classified 1,383 DeepSeek-linked files as malicious or dangerous
A Chinese AI model accidentally stumbled into a working ransomware technique while trying to satisfy an unrealistic, broad prompt.
New findings from Check Point Research say the DeepSeek-generated sample connected a theoretical browser risk to a functioning attack method, requiring no exploit, no app installation, and no real technical skill from the attacker.
It targets Android's photo storage through a legitimate browser feature called the File System Access API, disguised as a simple AI photo-enhancing tool.
How the attack actually works
The technique abuses Android's DCIM folder, which typically holds years of personal photos, scanned identification documents, and banking screenshots.
Victims grant access through a single permission prompt disguised as an AI-powered photo enhancer, unaware they are handing over control of an entire directory.
Check Point's dataset included nearly 3,000 files attributed to DeepSeek, and researchers classified 1,383 of them as malicious or dangerous using VirusTotal and static analysis methods.
The team found a sample implementing a dangerous browser-native technique which has never been observed before in real-world attacks.
The sample, nicknamed InfernoGrabber 9000, was incomplete, yet testing showed it required little additional effort to become fully functional.
โVery little effort is needed. Low-level expertise is sufficient. You don't need to be a sophisticated cybercriminal or advanced persistent threat group,โ said Pedro Drimel Neto, malware analysis team leader at Check Point
โIn fact, we've already observed evidence of actual threat actors attempting this attack using straightforward LLM prompts.โ
Why this marks a turning point
"What we are witnessing is a fundamental shift in how novel cyber attacks are born. For the first time, we have evidence that an AI model can independently reason across legitimate platform features," said Eli Smadja, Head of Research at Check Point
This represents a major shift in how novel cyber-attacks are discovered and developed.
However, the underlying browser risk is not entirely new. A 2023 USENIX Security paper examined how the File System Access API could theoretically enable ransomware .
What changed, according to Check Point, is that DeepSeek connected these previously theoretical ideas into a realistic, working attack chain without human guidance.
When researchers tested the same concept using the latest DeepSeek V4 model, it refused direct ransomware requests but complied once explicit terms were removed.
Comparable testing against other LLMs produced only refusals or heavily constrained, browser-safe implementations lacking the same file-access capability.
Check Point ultimately built a working proof of concept, successfully encrypting photos on Android devices running Chrome 148, confirming the danger extends well beyond a single flawed sample.
Organizations embedding AI into their workflows must now treat every browser permission prompt as a genuine security decision rather than a routine click.
Comments
No comments yet โ be the first to weigh in ๐
No comments yet. Be the first!