PROBABLYPWNED
Malware · July 3, 2026 · 4 min read

DeepSeek Built Browser Ransomware That Needs No Installation

Check Point Research reveals InfernoGrabber, an AI-generated ransomware that encrypts files through Chrome's File System Access API without installing malware or exploiting any vulnerability.

James Rivera

A ransomware strain that runs entirely inside your browser, encrypts your files without ever touching the disk as a traditional executable, and was written by an AI model upon request. That's the reality Check Point Research documented this week, marking the first time a frontier AI independently bridged the gap from theoretical browser-only ransomware to a working attack chain.

The malware, dubbed InfernoGrabber v9.0, was found in a Python Flask application uploaded to VirusTotal on January 25, 2026. Its filename—"deepseek_python_20260125_da0631.py"—made the provenance clear: someone asked DeepSeek to build it, and DeepSeek complied.

How Browser-Native Ransomware Works

Traditional ransomware requires downloading an executable, bypassing endpoint detection, and achieving persistence. InfernoGrabber skips all of that by abusing the File System Access API, a legitimate Chromium capability that lets web pages read and write local files with user permission.

The attack unfolds in four steps:

  1. Phishing lure - A fake Discord avatar AI upscaler tricks users into granting file system access
  2. Enumeration - The page lists all files in the selected folder
  3. Exfiltration and encryption - Contents are read, sent to attacker infrastructure, then encrypted and overwritten
  4. Extortion - A ransom note appears demanding Bitcoin

No native payload installation. No browser vulnerability exploitation. No root access required. The user's single click grants everything the attacker needs.

Platform Impact

Check Point confirmed the technique works across Windows, macOS, Linux, Android, and Microsoft Edge. iOS proved resistant because Chromium-based browsers face stricter sandbox limitations on Apple's mobile platform.

The VirusTotal analysis classified the sample as a "fully functional information stealer and ransomware toolkit" with capabilities extending beyond file encryption: Discord token theft, credit card harvesting, cryptocurrency seed phrase extraction, keystroke logging, and unauthorized webcam access. Check Point's review of approximately 3,000 DeepSeek-generated files found 1,383 classified as malicious.

Why DeepSeek Matters Here

Western AI models from Anthropic, Google, and OpenAI have guardrails that typically refuse explicit requests for malware code. DeepSeek's lower refusal rate for malicious cyber requests—documented across multiple studies—makes it a go-to tool for threat actors who want working exploit code without the friction.

That said, no evidence exists of this specific browser ransomware technique being exploited in the wild yet. Check Point characterized it as a proof-of-concept that security teams need to prepare for now.

The Bigger Picture

Browser security has long focused on protecting users from malicious websites. This attack inverts the model: the browser becomes the weapon, using legitimate APIs exactly as designed. The File System Access API exists so web apps can function like desktop software. InfernoGrabber demonstrates how that same capability enables browser-native ransomware that endpoint protection may not detect.

This follows a pattern we've tracked throughout 2026 of attackers weaponizing AI-assisted tooling for everything from EDR evasion to phishing kit generation. The barrier to entry keeps dropping.

Recommended Mitigations

  1. Audit browser permissions - Review what sites have file system access and revoke permissions you don't recognize
  2. Educate users on permission prompts - Any site asking for folder access should trigger skepticism, especially if you didn't initiate the request
  3. Monitor for unusual file system activity - EDR tools should flag bulk file reads and writes initiated from browser processes
  4. Block untrusted extensions - Browser extensions with file system permissions expand the attack surface
  5. Consider disabling the API in enterprise environments - Chrome policies can restrict File System Access API usage
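
As a defender-side illustration of mitigation 3, here is an added example that is not part of Check Point's report or the InfernoGrabber sample: a detection rule run over constructed EDR-style log lines (the `timestamp|process|READ/WRITE|path` format and the browser process names are assumptions) that flags a browser process reading and then overwriting several distinct files in one folder within a short window, the read-then-overwrite pattern described in the attack chain above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Process names used by Chromium-based browsers (assumption: tune to your fleet).
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "chrome", "chromium", "msedge"}

# Constructed sample log (ts|process|op|path), not real telemetry: five files read and overwritten by chrome.exe, plus benign noise.
SAMPLE_LOG = r"""
2026-01-25T10:00:01|chrome.exe|READ|C:\Users\alice\Documents\budget.xlsx
2026-01-25T10:00:02|chrome.exe|WRITE|C:\Users\alice\Documents\budget.xlsx
2026-01-25T10:00:03|chrome.exe|READ|C:\Users\alice\Documents\taxes.pdf
2026-01-25T10:00:04|chrome.exe|WRITE|C:\Users\alice\Documents\taxes.pdf
2026-01-25T10:00:05|chrome.exe|READ|C:\Users\alice\Documents\thesis.docx
2026-01-25T10:00:06|chrome.exe|WRITE|C:\Users\alice\Documents\thesis.docx
2026-01-25T10:00:07|chrome.exe|READ|C:\Users\alice\Documents\photo1.jpg
2026-01-25T10:00:08|chrome.exe|WRITE|C:\Users\alice\Documents\photo1.jpg
2026-01-25T10:00:09|chrome.exe|READ|C:\Users\alice\Documents\photo2.jpg
2026-01-25T10:00:10|chrome.exe|WRITE|C:\Users\alice\Documents\photo2.jpg
2026-01-25T10:00:30|chrome.exe|WRITE|C:\Users\alice\Downloads\setup.msi
2026-01-25T10:01:00|winword.exe|READ|C:\Users\alice\Documents\thesis.docx
2026-01-25T10:01:05|winword.exe|WRITE|C:\Users\alice\Documents\thesis.docx
"""

def parse_event(line):
    ts, proc, op, path = line.strip().split("|", 3)
    return datetime.fromisoformat(ts), proc.lower(), op.upper(), path.replace("\\", "/")

def find_bulk_overwrites(lines, window=timedelta(seconds=60), threshold=5):
    """Return (process, directory, distinct_files) for each browser process that read then overwrote >= threshold files in one directory within window."""
    events = sorted(parse_event(l) for l in lines if l.strip())
    last_read = {}                   # (proc, path) -> time of most recent read
    overwrites = defaultdict(list)   # (proc, dir) -> [(write_ts, path)], in time order
    for ts, proc, op, path in events:
        if proc not in BROWSER_PROCESSES:
            continue                 # only browser processes are in scope for this rule
        if op == "READ":
            last_read[(proc, path)] = ts
        elif op == "WRITE" and (proc, path) in last_read and ts - last_read[(proc, path)] <= window:
            overwrites[(proc, path.rsplit("/", 1)[0])].append((ts, path))
    alerts = []
    for (proc, directory), hits in overwrites.items():
        start = 0
        for end in range(len(hits)):            # sliding window over overwrite times
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = len({p for _, p in hits[start:end + 1]})
            if distinct >= threshold:
                alerts.append((proc, directory, distinct))
                break                           # one alert per (process, directory)
    return alerts
```

A plain download (write with no preceding read) and an office application rewriting its own document do not trigger the rule; tune `window` and `threshold` to your environment before pointing it at real file-event telemetry.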

"Organizations should harden the delivery layer, rethink permission-based trust, and treat every browser prompt as a security decision," said Eli Smadja, Check Point's head of research.

The browser is no longer just a window to the web. For attackers with AI-generated code, it's become an execution environment—one that users willingly grant access to, one folder at a time.
