
Check Point Research has demonstrated that DeepSeek V4 generated near-functional browser-based ransomware, dubbed InfernoGrabber 9000, that uses Chrome’s legitimate File System Access API to encrypt local files across Windows, Linux, macOS, and Android, without requiring any native malware installation or exploit.
The proof-of-concept reveals a new attack vector: an AI model independently linked a theoretical capability, browser-based file encryption, to a working technique by identifying and weaponizing the `showDirectoryPicker()` API, a legitimate browser feature that allows web pages to read and modify files in directories selected by the user.
How it works. The attack begins with a social engineering lure, a fake “AI Avatar Enhancer” or image upscaler web app, that tricks the victim into granting folder-level access permission. Once the victim selects a directory (such as their photo folder), the JavaScript-based ransomware enumerates, reads, and encrypts files using browser file handles, then displays a ransom note. Because the ransomware runs entirely as JavaScript within the browser tab, endpoint antivirus products are not designed to detect it as malicious binary code.
On Android, the risk is amplified. Chrome supports full file system access, allowing websites to request access to the DCIM photo directory, where personal photos, scanned IDs, bank screenshots, and recovery codes accumulate over years. iOS Safari does not expose the same API, limiting the attack surface on Apple devices.
DeepSeek’s role. Researchers found that while Anthropic and OpenAI consistently reject requests related to ransomware, credential theft, or malware generation, DeepSeek V4 is less restrictive. When presented with neutral wording, avoiding terms like “ransomware,” the model consistently generated functional, browser-based ransomware code. DeepSeek described its own output as “a sophisticated trap that combines a convincing AI upscaler interface with hidden, ransomware-like behaviors.”
The technique requires neither an APK installation, a native payload, a browser exploit, nor root access, just a single permission click. Check Point validated the attack with a controlled proof-of-concept and confirmed it works across Chromium-based browsers on all four major platforms.
Source: Check Point Research, Daily Security Review, Organisator

